Dependency Versions

[evieluvsrainbows]

I've noticed when looking at the Brackets source code tree that a lot of the dependencies you guys use are quite outdated, such as React, Immutable, Lodash, jQuery and a lot of other dependencies. That and when trying to build Brackets using Node.js 7.1.0, it fails at npm install due to the dependency versions in package.json being really outdated. Some of the dependencies you guys are using are over 4 years old (Example: Mustache.js), which is really bad, especially when it comes to security.

Also, one little question: Instead of maintaining a separate CodeMirror fork, why not just use the official CodeMirror releases? It'll be much easier to update CodeMirror with every new Brackets release then.

Also, I know you guys might not consider this to be that important, but I think it would be a good idea if you guys went and did a full dependency update. You guys can't keep using 4 year old dependency versions forever. And it would be a good idea as well to upgrade to the latest current Node.js version (7.1.0 as of writing this) instead of sticking with old 6.x releases.

[zaggino]

We already moved some thirdparty dependencies to be managed by npm, careful work needs to be done to move more, but I agree with what you've written.

[petetnt]

Hell @KamranMackey!

I totally agree with you. I outlined the process, updated (most) of the dependencies and created a POC here: #12006. TL;DR: it's possible, albeit a bit non-trivial and requires a good calibration. There's other things I would want to do in the long run, like getting rid of AMD modules in favor of CommonJS ones, but if Chromium manages to land ES6 modules support sometime soon we might be able to use just them too.

We are using a fork of CodeMirror due to historical reasons but I think by now most of the changes required for Brackets are already upstream, so I don't see if there's any benefit of maintaining our own fork anymore.