Name: Snitch: The Smart Way to Clean Up Your .NET Dependencies
Uploaded: 2021-02-17T00:00:00Z
Description: Use the Snitch .NET global tool to find and remove redundant transitive NuGet dependencies from your project files

Transcript

Hi, my name is Stu and in this video we're going to be taking a look at a project called Snitch and how it can be used to remove some of the transitive dependencies in your applications. A transitive dependency is when one project brings in its dependencies into its parent project, and it's best to show this with an example.

So here we have Project B. This contains three random NuGet packages for the AWS SDK. We have the core package which contains some of the runtime pieces, we have DynamoDB, and we have SQS. Now in this application we're not really going to do anything with them other than showing you how to use the Snitch tool, so don't expect there to be any kind of functionality here. We also have the same setup in Project A where we have the same core, DynamoDB, and SQS packages, but we've also got a reference to Project B as well. As you can see, we have the same set of packages in both projects.

Now because Project A references Project B, we actually get all of Project B's dependencies. So let's take a look at this really quickly using the UI. On Project A, I'm going to expand the dependencies tab on the right hand side. I'm going to expand the packages and we see the exact same packages that we do on the main .csproj. Then I'm going to expand Projects and Project B, and you can see I have the same set of packages.

Now because Project A references Project B and it brings in all of its dependencies with it, the packages referenced in Project A are actually redundant. Luckily for us, we can clean up our .csproj files and remove the dependencies that we don't need anymore using a tool called Snitch. Snitch is a tool developed by somebody called Patrik Svensson and is used to find this exact scenario where we've got this redundant specification. It's very important to remove these redundant specifications because they can cause conflicts during your build.

Now in the .NET Core space, the dependency management is a lot better than it used to be in the .NET Framework, and we don't have DLL hell. But there are occasions where you can get yourself into real trouble with NuGet packages because of the constrained versions that they have. The AWS SDK is actually a really good example of this. This is because you have multiple packages like SQS and DynamoDB for different aspects of the system, all relying on a central core package. Now if you upgrade DynamoDB v2 to say the latest version but you didn't upgrade SQS at the same time, then you could have different versions of the core. This could introduce subtle breaking changes in your application that you might not be aware of.

So now let's take a look at how to install Snitch as a global tool. First thing I'm going to do is open a brand new command window. Then to install global tools, I'm going to type dotnet tool install, pass in -g for the global tool, and then type in the tool that I want to install. In this case it is called Snitch. Sometimes they'll be called dotnet- something, so be aware of that when you're looking at other tools to install. So hit enter, it will now go away to NuGet and install Snitch.

Because I'm already in my solution folder, I can invoke Snitch straight away simply by typing snitch. From here it will analyze my projects and tell me the projects that can be removed from each of the projects in my solution. For example, Project A is telling me that I can remove the AWS SDK Core, DynamoDB, and SQS packages. So let's do that quickly and then let's rerun Snitch.

So now I've removed them. Now type snitch again, it's going to re-analyze the project and it'll tell me that everything looks good. Now I've prevented possible problems for my application. It also has the nice side effect of cleaning up the .csproj to make it easier for things like reviews and updates.

With Snitch you can also pass in more options on the command line, such as targeting a specific project, a specific target framework, and we can also go into a strict mode should we want to use it inside of CI tools like TeamCity. And that is Snitch in a nutshell. As with any global tool, your mileage is going to vary based on your unique project settings, but overall this project looks really really promising and one that I thoroughly recommend you go and check out.

If you enjoyed this video, consider subscribing to the YouTube channel for more content like this.