[New Lib] heic-to

[Beamanator]

In order to properly evaluate if a new library can be added to package.json, please fill out this request form. It will be automatically assigned someone from our review team that will go through and vet the library.

In order to add any new production dependency, it must be approved by the App Deployer team. They will evaluate the library and decide if it's something we want to move forward with or if other alternatives should be explored.

Note: This is only for production dependencies. While we don't want people to add packages to dev-dependencies willy-nilly, we recognize that there isn't as great of a need there to secure them.

Name of library: heic-to

Note: We previously agreed to adding the library heic2any here, but since then we noticed that that lib doesn't work for the newest version of HEIC / HEIF - see alexcorvi/heic2any#61

Details

• Link to package: https://github.com/hoppergee/heic-to
• Problem solved by using this package:
  • Unable to upload HEIF image as money request (from any web platform) & HEIF images are created by the camera by default on new iPhones
    • Unable to upload HEIF image as money request (Web) #47078 (comment)
• Number of stars in GH: 107
• Number of monthly downloads: Unknown (not on NPM)
• Number of releases in the last year: 10
• Level of activity in the repo: Low
• Alternatives: None that we've seen for complete fix, but heic2any does well for older versions of HEIC/HEIF files
• Are security concerns brought up and addressed in the library's repo?

Not that I know of, but this is not the type of library that would raise any security concerns.

• How many dependencies does this lib use that will be brought into our code? 0
• What will the effect be on the bundle size of our code? Approx 9 MB minified size https://bundlephobia.com/package/[email protected]

[melvin-bot]

Current assignee @Beamanator is eligible for the AutoAssignerAppLibraryReview assigner, not assigning anyone new.

[melvin-bot]

New Library Review

• Are all the answers in the main description filled out properly and make sense?
• Who maintains the library and how well is it maintained?
• How viable are the alternatives?
• Should we build it ourselves instead?

Once these questions are answered, start a thread in #engineering-chat, ping the @app_deployers group, and call for a vote to accept the new library. Once the vote is complete, update this issue with the outcome and procede accordingly. Here is a sample post:

Hey @app_deployers,

There is a request to add a new library to App that we need to consider. Please look at this GH and then vote :+1: or :-1: on accepting this new library or not.

GH_LINK

[Beamanator]

Waiting for Contrib & C+ to review before sending to the group

[Beamanator]

updated, will bring to slack next week