Dependencies Inventory
From package.json: 38 runtime deps, 1 devDep (npm-force-resolutions).
Runtime deps (~38)
Nuxt + Vue
| Package | Version |
|---|---|
| @nuxt/cli | ^2.18.1 |
| @nuxt/webpack | ^2.18.1 |
| @nuxtjs/auth | ^4.9.1 |
| @nuxtjs/axios | ^5.13.6 |
| @nuxtjs/dotenv | ^1.4.2 |
| @vue/cli-plugin-babel | ^5.0.8 |
| @vue/compiler-sfc | ^3.5.6 — Vue 3 SFC compiler in a Vue 2 project |
| @vue/server-renderer | ^3.5.6 — Vue 3 SSR renderer in a Vue 2 SPA project |
| cookie-universal-nuxt | ^2.2.2 |
| core-js | ^3.37.1 |
| css-loader | ^5.2.7 |
| dotenv | ^16.4.5 |
| nuxt | ^2.15.8 |
| vue | 2.7.16 (pinned, not caret) |
The Vue 3 compiler and server-renderer in a Vue 2 project are a smell, probably an accidental copy-paste from a Nuxt 3 starter. Verify they're not actually used; remove if unused.
UI / styling
| Package | Version |
|---|---|
| bootstrap | ^5.3.3 |
| bootstrap-vue | ^2.23.1 — Bootstrap-Vue v2 targets BS 4, not 5 (per ui-component-library.md) |
| vue-color | ^2.8.1 |
| vue-notification | ^1.3.20 |
| vue-select | ^3.20.3 |
| vue-toastification | ^1.7.14 |
| masonry-layout | ^4.2.2 |
| qrcode | ^1.5.3 |
Polotno editor (in the parent — duplicated from polotno-editor/package.json)
| Package | Version |
|---|---|
| polotno | ^2.9.14 (older than the subproject's 2.13.10 — drift) |
| react | ^18.3.1 |
| react-dom | ^18.3.1 |
| mobx | ^6.13.0 |
| mobx-react-lite | ^4.0.7 |
| mobx-state-tree | ^6.0.1 |
File upload
| Package | Version |
|---|---|
| filepond | ^4.31.1 |
| filepond-plugin-file-metadata | ^1.0.8 |
| filepond-plugin-file-validate-size | ^2.2.8 |
| filepond-plugin-file-validate-type | ^1.2.9 |
| filepond-plugin-image-exif-orientation | ^1.0.11 |
| filepond-plugin-image-preview | ^4.6.12 |
| filepond-plugin-image-transform | ^3.8.7 |
| filepond-plugin-image-validate-size | ^1.2.7 |
| react-filepond | ^7.1.2 |
| vue-filepond | ^7.0.4 |
Time
| Package | Version |
|---|---|
| moment | ^2.30.1 |
| moment-timezone | ^0.5.45 |
Auth
| Package | Version |
|---|---|
| bcryptjs | ^2.4.3 — client-side bcrypt? Verify usage; usually password hashing is server-side. |
Notable issues
- Vue 2 + Vue 3 deps coexist (vue 2.7.16, @vue/compiler-sfc 3.5.6, @vue/server-renderer 3.5.6) — confusing. Remove the v3 deps unless they're actually used.
- Polotno version drift between parent (^2.9.14) and subproject (^2.13.10). Align — either bump the parent or pin the subproject.
- Bootstrap-Vue v2 + Bootstrap v5.3 — incompatible. Pick one.
- bcryptjs in FE deps — unusual. Either remove or document why.
- No linter, no formatter, no test framework.
- npm-force-resolutions as the only devDep — used to pin transitive dep versions. The resolutions block in package.json pins react-sortablejs: 6.1.1. Verify why this is needed.
- @nuxt/webpack declared separately — Nuxt 2 already brings its webpack; the explicit declaration is suspicious.
- No expo-server-sdk, no Stripe, no Paddle — sensible (designer FE doesn't deal with payments).
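The first three issues in the list above can be checked mechanically from the manifests. The following is an added example, not code from the project: the function names, rule names and the two sample manifests (built from the versions in the tables on this page) are assumptions made for illustration.

```javascript
// Added example, not the project's code. Manifests are constructed from the tables on this page.
const parentManifest = {
  dependencies: {
    vue: '2.7.16',
    '@vue/cli-plugin-babel': '^5.0.8',
    '@vue/compiler-sfc': '^3.5.6',
    '@vue/server-renderer': '^3.5.6',
    bootstrap: '^5.3.3',
    'bootstrap-vue': '^2.23.1',
    polotno: '^2.9.14',
  },
};
// Stands in for polotno-editor/package.json (constructed).
const editorManifest = { dependencies: { polotno: '^2.13.10' } };

// Packages released in lockstep with vue itself; @vue/cli-* is versioned separately.
const VUE_LOCKSTEP = ['@vue/compiler-sfc', '@vue/server-renderer'];

// Major version of a simple range such as "^2.9.14", "~1.2.3" or "2.7.16".
function majorOf(range) {
  const m = /(\d+)\.\d+/.exec(range || '');
  return m ? Number(m[1]) : null;
}

function auditManifests(parent, sub) {
  const deps = parent.dependencies || {};
  const subDeps = sub.dependencies || {};
  const findings = [];
  // 1. Vue core packages whose major differs from the declared vue major.
  for (const name of VUE_LOCKSTEP) {
    if (deps[name] && deps.vue && majorOf(deps[name]) !== majorOf(deps.vue)) {
      findings.push({ rule: 'vue-major-mismatch', pkg: name, detail: `${deps[name]} vs vue ${deps.vue}` });
    }
  }
  // 2. Per the page, bootstrap-vue 2 targets Bootstrap 4, so Bootstrap >= 5 is flagged.
  if (majorOf(deps['bootstrap-vue']) === 2 && majorOf(deps.bootstrap) >= 5) {
    findings.push({ rule: 'bootstrap-mismatch', pkg: 'bootstrap', detail: deps.bootstrap });
  }
  // 3. The same package declared in both manifests with different ranges.
  for (const name of Object.keys(subDeps)) {
    if (deps[name] && deps[name] !== subDeps[name]) {
      findings.push({ rule: 'version-drift', pkg: name, detail: `${deps[name]} vs ${subDeps[name]}` });
    }
  }
  return findings;
}

console.log(auditManifests(parentManifest, editorManifest));
```

In a real run the two objects would be the parsed contents of the parent and polotno-editor package.json files; a non-empty result can fail a CI step so the drift does not return after cleanup.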
Lockfile situation
package-lock.json is in repo (838 KB). No yarn.lock. The nuxt.config.js and root code patterns suggest npm; verify.
Health summary
The dependency tree is functional but accumulating drift. Notable cleanup opportunities:
- Decide BS-Vue v2+BS4 vs BS-Vue v3+BS5
- Remove Vue 3 deps (compiler, server-renderer)
- Align Polotno versions
- Verify bcryptjs need
- Pin one package manager
These are all small individual changes. Together they reduce installation surprises and confusion for new engineers.
Vue 2 EOL note
Vue 2 reached end-of-life on December 31, 2023. Bootstrap-Vue 2 has not been updated to target Vue 3. Both will continue to work, but will receive no security patches. Plan a migration to Vue 3 / Nuxt 3 + BootstrapVueNext within the next 12-18 months, or accept the maintenance debt.
The migration is non-trivial: ~73 pages, all the Bootstrap-Vue components, Vuex 3 → Pinia, etc. Estimated effort 2-4 engineer-months.