Skip to content

chore: remove image-size#1406

Open
ilteoood wants to merge 2 commits into
callstack:mainfrom
ilteoood:chore/remove-image-size
Open

chore: remove image-size#1406
ilteoood wants to merge 2 commits into
callstack:mainfrom
ilteoood:chore/remove-image-size

Conversation

@ilteoood

@ilteoood ilteoood commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Summary

The image-size package is now read-only on GitHub, and on codeberg has been a while since its last commit.
This PR is to migrate to sharp.

Test plan

@vercel

vercel Bot commented Jul 7, 2026

Copy link
Copy Markdown

@ilteoood is attempting to deploy a commit to the Callstack Team on Vercel.

A member of the Team first needs to authorize it.

@changeset-bot

changeset-bot Bot commented Jul 7, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 0a202a4

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 6 packages
Name Type
@callstack/repack Patch
@callstack/repack-plugin-expo-modules Patch
@callstack/repack-plugin-nativewind Patch
@callstack/repack-plugin-reanimated Patch
@callstack/repack-dev-server Patch
@callstack/repack-init Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@dannyhw dannyhw left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Firstly thanks for taking the time for opening this pr, appreciate the interest in repack.

I'm concerned that sharp might be a large dependency to add for just image size check?

  1. what do we gain by moving to sharp
  2. is there some issue with image-size in its current form?

@ilteoood

ilteoood commented Jul 7, 2026

Copy link
Copy Markdown
Contributor Author

Hey @dannyhw, to both I would answer with the following Snyk vulnerability

@dannyhw

dannyhw commented Jul 7, 2026

Copy link
Copy Markdown
Collaborator

@ilteoood is that not addressed?
As in if we updated to the latest version on the package it also solves the vuln right?

@ilteoood

ilteoood commented Jul 7, 2026

Copy link
Copy Markdown
Contributor Author

@ilteoood is that not addressed?
As in if we updated to the latest version on the package it also solves the vuln right?

Yes, exactly!

@dannyhw

dannyhw commented Jul 7, 2026

Copy link
Copy Markdown
Collaborator

Im not opposed to a change like this I just think there needs to be a measurable improvement. Of course we need to address the vuln but simpler is usually better i.e whats the downside of just updating the image size version to a non vulnerable one.

I also see that sharp might require us to bump the minimum node version (which may be due but not in a patch)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants