How to tame the dependencies of a plain React app?

hey guys… is there a way to reign in dependencies with my plasmic app? I’ve got a new app created with create-plasmic-app, vanilla React (no NextJS, no TS) with about 3 components and 3 varients, and I’ve not even begun implementing any logic yet, any my app has 1678 dependencies

also, from the default install from that “create-plasmic-app”, we get 11 vulnerabilities, with 6 of them being high and 5 being moderate – npm audit fix --force is unable to upgrade the vulnerable dependencies, in fact after running, we see 80 vulnerabilities (41 high, 21 moderate, 13 low, and 5 CRITICAL)

Hi @bewildered_buzzard!

Thank you for letting us know!

Could you share your project ID with me (feel free to DM) so we can take a look? (I just tested with a small project but it only found 1 high vulnerability, from a dependency of react-scripts (which comes with create-react-app)

hi @bewildered_buzzard! I think most of those dependencies come from create-react-app , which also includes jest, react-scripts, etc (I think most of those dependencies aren’t used in the built js bundle).

but it should also be possible to integrate Plasmic with any React project, even those that don’t use create-react-app (this tutorial of creating a minimal React app might help, and check our codegen guide to help integrate with it)

LMK if the above helps