Dependencies Inventory¶
From package.json: 30 runtime dependencies, 0 dev dependencies (apart from nodemon).
Notable¶
| Package | Version | Use |
|---|---|---|
aws-sdk |
^2.1691.0 | S3 (v2, same drift problem as siblings) |
axios |
^1.7.7 | HTTP client |
bcryptjs |
^2.4.3 | Password hashing |
cheerio |
^1.0.0 | HTML parsing |
cors |
^2.8.5 | CORS middleware |
dotenv |
^16.4.5 | Env loader |
expo-server-sdk |
^3.11.0 | Expo push (probably unused; verify) |
express |
^4.21.0 | HTTP server (newer than Someli-admin-api's 4.19.2) |
express-fileupload |
^1.5.1 | File upload |
fetch |
^1.1.0 | Spurious (old unmaintained, not standard polyfill) — remove |
fluent-ffmpeg |
^2.1.3 | FFmpeg wrapper |
moment |
^2.30.1 | Date (in maintenance mode) |
moment-weekday-calc |
^1.1.5 | Moment plugin for weekday calculations |
mysql |
^2.18.1 | callback driver |
mysql2 |
^3.11.3 | promise driver |
node-cron |
^3.0.3 | cron scheduling |
nodemon |
^3.1.7 | dev watcher (in runtime deps, not dev deps — minor smell) |
openai |
^4.63.0 | OpenAI SDK |
path |
^0.12.7 | Spurious (built-in shadow) — remove |
pdf-parse |
^1.1.1 | PDF text extraction |
polotno-node |
^2.10.4 | Polotno server SDK (newer than Someli-admin-api's 2.9.30) |
puppeteer |
^23.4.0 | Headless Chrome (newer than Someli-admin-api's 22) |
request |
^2.88.2 | Deprecated — replace with axios |
sharp |
^0.33.5 | Image manipulation (newer than Someli-admin-api's 0.32.1) |
slack |
^11.0.2 | Slack SDK |
socket.io |
^4.8.0 | WebSockets |
sync-mysql |
^3.0.1 | blocking driver — used in every job + bot |
sync-request |
^6.1.0 | blocking HTTP — used in teamsnotification.js |
unsplash-js |
^7.0.19 | Unsplash API |
uuid |
^10.0.0 | UUIDs |
What's missing vs sibling backends¶
- No
@aws-sdk/client-bedrock/ no Bedrock SDK — designer-api uses OpenAI exclusively for AI - No
@sendgrid/mail— wait, conf has SENDGRID_API_KEY but the package isn't in deps? Verify — either email features are broken, or the package is bundled via a different dep. - No
googleapis/ no Vertex — no Google AI - No
jsonwebtoken— no Bearer JWT auth - No
crypto-js— no AES encryption (no encrypted-token format) - No
passport*— no Passport - No
@paddle/paddle-node-sdk/ no Stripe — no payments - No
cors-related dep beyondcors— fine
Spurious / risky¶
| Package | Issue | Action |
|---|---|---|
path |
Built-in Node module shadowed by npm package | Remove |
fetch@1.1.0 |
Unmaintained, not standard polyfill | Remove if unused |
request@2.88.2 |
Officially deprecated | Replace with axios |
expo-server-sdk |
Likely unused (designer-api doesn't push to mobile) | Verify and remove |
sync-request |
Blocking HTTP — used in teamsnotification.js |
Replace with async axios |
Email gap¶
SENDGRID_API_KEY is configured but @sendgrid/mail is not declared. Either:
- Email is not actually sent from designer-api (the env var is leftover)
- Email is sent via raw HTTPS to SendGrid's API (
requestoraxios)
Verify by grep -nE "sendgrid|smtp|email" routes/routes.js helper/*.js.
Version drift vs siblings¶
| Package | designer-api | Someli-admin-api | someli-api (estimated) |
|---|---|---|---|
| express | 4.21.0 | 4.19.2 | 4.x |
| sharp | 0.33.5 | 0.32.1 | 0.33.5 |
| puppeteer | 23.4.0 | 22.13.1 | n/a |
| polotno-node | 2.10.4 | 2.9.30 | n/a |
| openai | 4.63.0 | 4.52.7 | n/a |
Designer-api is generally on newer dep versions than Someli-admin-api. Less drift than expected. Still, a unifying upgrade pass across all three backends would close gaps.
Recommendations¶
- Remove
path,fetch,request,expo-server-sdk(if unused) — Phase 0a - Add
@sendgrid/mailif email is intended, or removeSENDGRID_API_KEYfromconf.js— Phase 0a - Move
sync-requestcalls to async axios — Phase 1 - Migrate
aws-sdkv2 → v3 — Phase 2 - Migrate
sync-mysql→mysql2/promisein jobs and bots — Phase 2 (significant work; touches 60+ files) - Align dep versions across all four backends — Phase 1