Skip to content

[npm-check-fork] Replace package-json and throat dependencies with local implementations #5564

New issue
New issue
Open
Open
[npm-check-fork] Replace package-json and throat dependencies with local implementations#5564
Assignees
TheLarkInn
Labels
effort: mediumNeeds a somewhat experienced developerenhancementThe issue is asking for a new feature or design change
@TheLarkInn

Description

@TheLarkInn
TheLarkInn
opened on Jan 24, 2026

Summary

The @rushstack/npm-check-fork package depends on package-json and throat, which should be replaced with existing Rush Stack utilities:

  • package-json: ESM-only module with a heavy dependency tree (~500KB). We only use it to fetch basic registry metadata.
  • throat: Concurrency limiter that duplicates functionality already in @rushstack/node-core-library

Details

Proposed solution:

  1. Replace package-json with a minimal NpmRegistryClient class using the existing WebClient from @rushstack/rush-lib
  2. Replace throat with Async.forEachAsync from @rushstack/node-core-library

Benefits:

  • Eliminates ESM compatibility issues with CJS consumers
  • Reduces bundle size and dependency footprint
  • Integrates with Rush's existing proxy configuration
  • Uses utilities already in the codebase
  • Reduces chances of CVE's from upstream dependencies

Standard questions

Question Answer
Package name: @rushstack/npm-check-fork
Package version? 5.0.x
Operating system? All
Would you consider contributing a PR? Yes
Node.js version (node -v)? 18.x+

Metadata

Metadata

Assignees

Labels

effort: mediumNeeds a somewhat experienced developerenhancementThe issue is asking for a new feature or design change

Type

No type

Projects

Bug Triage

Status

In Progress

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions