LeanLsp v0.2.0 should expose only dependencies that are needed by package users at runtime.
Development tooling must stay in :dev and :test so it is not part of runtime dependency resolution for downstream applications.
Production dependency decision
| Dependency | Scope | Runtime reason | Hex package | License decision |
|---|---|---|---|---|
docker_availability | Production/runtime | LeanLsp.Runtime.Docker calls DockerAvailability.check/0 before starting the default Docker-backed runtime. | Yes | Apache-2.0; compatible with this package license. |
Expected Hex dry-run production dependency list for v0.2.0:
docker_availability ~> 1.0docker_availability is intentionally kept as a production dependency because Docker availability probing is part of the public Docker runtime startup path.
LeanLsp.Runtime.Local should not introduce an additional production dependency. It should rely on Elixir/Erlang standard library facilities for host command execution unless a future release explicitly documents another dependency.
Development and test dependency decisions
| Dependency | Scope | Reason | Hex package | License decision |
|---|---|---|---|---|
nstandard | only: [:dev, :test], runtime: false | Repository standards, linting, CI, and Hex publish-readiness setup. It is not called by lib/ at runtime. | Yes | Apache-2.0; compatible with this package license. |
ex_doc | only: [:dev, :test], runtime: false | Documentation generation. | Yes | Apache-2.0; compatible with this package license. |
dialyxir | only: [:dev, :test], runtime: false | Dialyzer integration for local checks. | Yes | Apache-2.0; compatible with this package license. |
credo | only: [:dev, :test], runtime: false | Static analysis during local and CI checks. | Yes | MIT; permissive and compatible with this package license. |
spellweaver | only: [:dev, :test], runtime: false | Spelling checks for documentation and repository text. | Yes | Apache-2.0; compatible with this package license. |
These dependencies should not appear as production dependencies in mix hex.publish --dry-run --yes output.
Maintainer validation commands
Run these before publishing:
mix deps.unlock --check-unused
mix dependency.audit
mix publish.check
mix dependency.audit runs the unused-lock check and a non-interactive Hex dry run.
mix publish.check owns the broader pre-publish path for package build, documentation generation, downstream smoke testing, and Hex dry-run validation.
Audit expectations for v0.2.0
Before publishing v0.2.0, confirm:
- production dependencies are limited to dependencies required by runtime users;
- development and test tooling dependencies have
only: [:dev, :test]andruntime: false; - local runtime support does not accidentally introduce a new production dependency;
mix hex.publish --dry-run --yesdoes not list development-only tools as package runtime dependencies;mix deps.unlock --check-unusedpasses.