Looks reasonable. I'll see if I can set aside some time this afternoon and give it a test run since the tests don't always cover every possibility.

I would be nice to test this branch on some "real world" apps. I guess I should try building plotly.js off this branch. Does anyone know a nice way to npm link third-party deduped modules?

@etpinard what about linking this repo under the sub-dependency path under node_modules dir of a real world plotly app?

My first attempt didn't go well.

For some reason

$ (cwise) npm link
$ (plotly.js) npm link cwise
$ (plotly.js) budo lib/index.js --open

gives:

Much more granuarly using ndarray-fill

$ (cwise) npm link
$ (ndarray-fill) npm link cwise
$ (ndarray-fill) npm test

gives

@etpinard I think the problem is how browserify is integrated in the ndarray-fill. It fails to place the necessary require("cwise") block.

I've created a pull request integrating tape-run. It runs perfectly fine.

I've created a pull request integrating tape-run. It runs perfectly fine.

Thanks for making that PR. That looks like a way more robust way to test cwise-transformed bundles 👏

But, this doesn't address this issue I noticed in plotly.js:

$ (cwise) npm link
$ (plotly.js) npm link cwise
$ (plotly.js) budo lib/index.js --open

still fails.

I understand you might not be interested in fixing this particular use case, so we certainly could merge this PR and release under a new major version signaling a possible breaking change.

@etpinard I think it's a problem with browserify.

I've tried it with webpack as described here, and it works.

Check out my plotly-webpack fork:

Can you try a 3D graph? The scatter trace doesn't need to use cwise.

Yes you're right, it's failing. 😒

I'd like to see this PR gets merged.so that 58 packages depends on this project wont receive vulnerabilities alert.

@rreusser shall we proceed? This PR does not seem to introduce any breaking change.

Hmm… @dy please do correct me if I'm mistaken, but I was under the impression that the current functioning of the cwise transform is incompatible with static-eval ^2, which is to say that cwise works fine with static-eval upgraded, but only if you're alright including esprima (~120kb, can't remember if that's minified or not) in production.

See: browserify/static-module#48 (comment)

any eta ?

Can this be merged?

What is the status of this?

My application uses vue-plotly^1.1.0 which has an indirect dependency on cwise^1.0.10 through plotly.js@1.52.1, gl-plot2d@1.4.4 and glplot3d@2.4.5, and gl-select-static@2.0.6. A bunch of npm audit vulnerabilities are due to cwise@1.0.10 use of static-module^1.0.0 which itself is dependent upon static-eval~0.2.0 which has moderate vulnerabilities according to npm audit.

The current version of static-eval is 2.1.0. Please fix this dependency.

@mhldtna If you want to accelerate the process, feel free to investigate and return back with your findings. Contributions are welcome.

@kgryte - see browserify/static-module#48.

It's unrealistic for me to add any value to that discussion.