`webfonts-generator` is now read only

[karelbilek]

webfonts-generator - a dependency of this module - is now read-only on github; I think that means the author doesn't want to update it anymore

https://github.com/sunflowerdeath/webfonts-generator

it does not seem to cause any issue yet

[instantlinux]

There is a big issue: it depends (via its dependency on ttf2woff2) on an old version of minimist which has vulnerability CVE-2020-7598. That means this can no longer be used in production.

[karelbilek]

Oh damn. So this should be either updated or reworked.

[instantlinux]

A colleague noticed: minimist is referenced in this repo (https://github.com/Workshape/icon-font-generator/blob/a9ac3b34c7343ee6157176a6a2af00e29939b41c/package.json#L19) so maybe it can be fixed by simply bumping the version from 1.2.0 to 1.2.5. It won't solve the lack of support by author of webfonts-generator, which will take a lot more effort to fix.

[karelbilek]

I would say "make a PR" but it seems even PRs in this repo seem unmerged, so... I don't think that would help either :(

[karelbilek]

anyway, instead of depending on this, I made my own docker images for docker. It's not related to node at all, but it works for me. (docker is required, and some custom scripting to run it is necessary)

https://github.com/karel-3d/fontcustom-docker

and this thing to fix the issue in fontcustom with un-centered SVGs

https://github.com/karel-3d/center-svg-docker

it's very complex for "a simple task", but the only thing I managed.

[jimmyandrade]

@karelbilek @instantlinux

Do you continue to use icon-font-generator or have you adopted any other library? I am evaluating the icon-font-generator but I am afraid, due to this issue of dependencies.

Thank you

[TimGeibel]

it does not seem to cause any issue yet

I'm afraid it does, see issue #83 :(

[karelbilek]

@jimmyandrade I instead wrote this little thing

https://github.com/karelbilek/fontcustom-golang-svg-center-docker

that uses fontcustom and inkscape inside docker to create the font. (I have not been able to install fontcustom outside of docker. Too many dependencies.)

I use this to generate icon font.

It requires docker and is not node.js at all. (It uses a lot of black magic underneath, but it works.)

It is ugly and I planned to make it less hairy and more user friendly... but no time :(

[tancredi]

As this was the biggest issue with the library, I've just deprecated icon-font-generator and published a complete rewrite (has breaking changes) -> fantasticon

It's typescript and has good test coverage, which should make it way easier to maintain and accept contributors 👍