Questioning the need for `user` package dependency

Hi, feel free to close this if I'm mistaken and there's actually no problem, but I just want to ask why pdf2json suddenly needed to depend on the [`user` package](https://www.npmjs.com/package/user)?

https://github.com/modesty/pdf2json/blob/da9e5d3c02d21eb41836fd94bb37fc4353687fca/package.json#L72

It was added in b03348ee3527c3c42f2d0d2eb03086d530ae6642 right before the release of Stable build: V3.2.1. The [release notes](https://github.com/modesty/pdf2json/releases/tag/v3.2.1) actually claim:

> keeping zero dependency

which is false.

The `user` package hasn't been updated in 12 years and doesn't really seem to do anything either:

<img width="504" height="455" alt="Image" src="https://github.com/user-attachments/assets/0f660b7a-4a32-4f0e-8c71-1e88209a660a" />

It's kind of suspicious that a package like this is suddenly depended on. Actually, I can't believe that a package like this has any dependents at all, let alone [2807](https://www.npmjs.com/package/user?activeTab=dependents). Just can't help but be a bit paranoid with all the npm exploits being reported these days.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Questioning the need for `user` package dependency #406

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Questioning the need for user package dependency #406

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions

Questioning the need for `user` package dependency #406