Remove unused dependency wrappy

[rickschubert]

The dependency wrappy is nowhere used throughout the entire project which is why I removed it.

[rickschubert]

Do I also need to add the package-lock.json to the pull request? I was unsure.

[brodycj]

Do I also need to add the package-lock.json to the pull request?

I would say "yes" assuming there are any changes as a result of npm install since because package-lock.json was already committed.

[rickschubert]

@brodybits I just double checked and even removed the node_modules/ folder and reinstalled: No changes to the package-lock.json are coming through. Do you think this is expected as the dependency was unused? I am not too familiar with the base of a package-lock file.

[brodycj]

@rickschubert I stand corrected then, just updated my answer.

I think the explanation is that the wrapper dependency remains in package-lock.json because it is needed to satisfy other dependencies and newer versions of npm keep all dependencies at top level whenever possible.

I would like to make an additional comment that I suspect wrappy should be kept in dependencies and added to bundleDependencies since it it committed in node_modules/wrappy. I think this is done to support non-traditional installs, with no recent version of npm available. Leaving it up to npm people to comment further.

[rickschubert]

@brodybits Thank you for the comments! Let's see what other people say, otherwise this PR can be gladly scrapped :)

[zkat]

Allow me to clarify: wrappy was added to package.json in in order to flatten it. Until recently, npm used a special kind of installation style where top level dependencies all had their own node_modules, which reduced deduplication. This was done to prevent some upgrade-related issues from biting us because of a bug with the node.js installer itself (it didn't rimraf existing npm installations before extracting the new version).

This patch is also fine, because it gets rid of it, and it's normal that it wasn't removed from pkglock. It is, indeed, used by several dependencies:

➜ npm ls wrappy
npm@6.2.0 /Users/zkat/Documents/code/work/npm
├─┬ dezalgo@1.0.3
│ └── wrappy@1.0.2  deduped
├─┬ inflight@1.0.6
│ └── wrappy@1.0.2  deduped
├─┬ once@1.4.0
│ └── wrappy@1.0.2  deduped
├─┬ tap@12.0.1
│ └─┬ nyc@11.9.0
│   └─┬ glob@7.1.2
│     ├─┬ inflight@1.0.6
│     │ └── wrappy@1.0.2
│     └─┬ once@1.4.0
│       └── wrappy@1.0.2  deduped
└── wrappy@1.0.2

And finally, to answer your questions about bundleDependencies, @brodybits: npm includes all dependencies of bundled dependencies in the bundle list, so wrappy will still be included, and yes, it will continue to be committed. :)

[zkat]

This LGTM! 👍