Closed marvinhagemeister closed 4 years ago
Sadly acorn v6 has changed so much it breaks nodent (probably its plugin). I might consider an upgrade, but I'll have to write a whole new acorn plugin and stack on top of it, which I have no need to do myself. Partly the issue is the non-standard features (eg async get
and async return
). If you're not using them, I'd be happy to receive a PR to use acorn 6 with the warning that the optional nodent non-standard features are unsupported. It should then run without the plugin and pretty much work out of the box (I might regret that statement).
...actually, modding the code to work with acorn v6 with noNodentDependencies
is reasonably easy (I've push a version to the branch at https://github.com/MatAtBread/nodent-compiler/tree/issue/114).
The issue is I can't see a way to specify precedence in package.json dependancies. I want to specify acorn@5
preferentially, but allow acorn@6
(which works with noNodentExtensions
, but would break lots of existing code that uses the extensions). The semver 5.x.x || 6.x.x
still installs 6.0.2
from fresh, even though 5 is preferable.
Obviously, the real solution here is to re-implement acorn-es7-plugin
so it provides support for the nodent extensions under acorn v6, but as I said, I don't have time to look at that right now (and reverse engineering acorn was never much fun)
Hi @matAtWork is it possible to merge this PR in order to resolve acorn security warnings?
@teodragovic - done
Over at https://github.com/developit/microbundle/issues/74 we're having issues because of breaking changes in the plugin interface of
acorn
.Having multiple versions of
acorn
installed at the same time via npm leads to the problems with plugins as they may be interfacing with the wrong version foacorn
depending on how the packages have been hoisted insidenode_modules
.This issue can be resolved by upgrading
nodent-compiler
to rely onacorn v6+
.