Uncareted `sanitize.css` dependency causing failure while requiring `postcss-normalize`

csstools / postcss-normalize

Use the parts of normalize.css (or sanitize.css) you need from your browserslist

Creative Commons Zero v1.0 Universal

816 stars 40 forks source link

Uncareted `sanitize.css` dependency causing failure while requiring `postcss-normalize` #58

Closed 10hendersonm closed 2 years ago

10hendersonm commented 2 years ago

sanitize.css@13.0.0 removes file page.css, which is directly referenced in cssMap.js:

https://github.com/csstools/postcss-normalize/blob/5b80f53e46d43d297d7deaec4704c044fa38fb69/src/lib/cssMap.js#L16

As sanitize.css is installed at version * rather than something like 12.0.0 or ^12.0.0, npm users are auto-upgraded into this breaking sanitize.css version. This includes users of create-react-app's react-scripts.

avin commented 2 years ago

temp solution for package.json

  "scripts": {
     ...
    "preinstall": "npm install --package-lock-only --ignore-scripts && npx npm-force-resolutions"
  }, 
  ...
  "resolutions": {
    "sanitize.css": "12.0.1"
  }

jonathantneal commented 2 years ago

So, @10hendersonm, would an appropriate solution be to protect that code from throwing and releasing that in patch today? Or to force page.css back into sanitize.css?

I can definitely "coordinate" this.

10hendersonm commented 2 years ago

I'll be 100% honest that this isn't my usual space. I dropped a PR (https://github.com/csstools/postcss-normalize/pull/59) but haven't had a chance to check this repo's normal workflows yet to see if I missed any other requirements.

10hendersonm commented 2 years ago

Oh, hah, @jonathantneal I didn't realize you have sanitize.css as well. You can either code around the removed file, pin this back to the previous sanitize.css version, add it back in sanitize.css, etc. I'm cool with anything, I just don't have direct access to this level of dependencies as npm doesn't have resolutions yet without additional tooling (thanks @avin)

DavidHenri008 commented 2 years ago

I was also having the same problem where the sanitiza.css was somehow not found. The suggested workaround worked for me.

rajrajhans commented 2 years ago

Can confirm this issue causes create-react-app to fail, giving the following error on start or build:

ERROR in ./src/index.css (./node_modules/css-loader/dist/cjs.js??ruleSet[1].rules[1].oneOf[5].use[1]!./node_modules/react-scripts/node_modules/postcss-loader/dist/cjs.js??ruleSet[1].rules[1].oneOf[5].use[2]!./node_module

Loading PostCSS "postcss-normalize" plugin failed: Cannot find module 'sanitize.css/page.css'
Require stack:
- ... \node_modules\react-scripts\node_modules\postcss-normalize\index.cjs

LQ0611 commented 2 years ago

I have the same question :'cannot find module ‘sanitize.css/page.css’'

rajrajhans commented 2 years ago

@LQ0611 for now, a temporary fix would be to pin sanitize.css to 12.0.1.

Add this in your package.json

"resolutions": {
   "sanitize.css": "12.0.1"
}

LQ0611 commented 2 years ago

Oh, yeah,i do this now. and I hope this question could be completely solved .thank you very much

2021年9月15日下午3:32，Raj Rajhans @.***> 写道：

@LQ0611 https://github.com/LQ0611 for now, a temporary fix would be to pin sanitize.css to 12.0.1.

Add this in your package.json

"resolutions": { "sanitize.css": "12.0.1" } — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/csstools/postcss-normalize/issues/58#issuecomment-919772521, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJ5NG54LK3S3MGCMYCRM3H3UCBDYPANCNFSM5EAQJATQ. Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

yoyo837 commented 2 years ago

@LQ0611 for now, a temporary fix would be to pin sanitize.css to 12.0.1.

Add this in your package.json
"resolutions": {
   "sanitize.css": "12.0.1"
}

It only works on yarn.

yoyo837 commented 2 years ago

Vote this 😄

LQ0611 commented 2 years ago

yeah，' resolutions' is a temporary way, of course , the base way is that the problem is resolved by owner , hahaha

LQ0611 commented 2 years ago

[ ] 1. Pin sanitize.css to 12.x versioning #59

[ ] 2. Removed references to sanitize.css/pages.css #60

Vote this 😄

1，maybe someone useing pages.css?

10hendersonm commented 2 years ago

Without updating the sanitize.css dependency semver range, does this in essence prevent sanitize.css from ever being allowed to breaking change again?

bmuenzenmeyer commented 2 years ago

the right thing to do is revisit https://github.com/csstools/postcss-normalize/blob/HEAD/CHANGELOG.md#900-april-12-2020 which introduced the * dependency concept. we have goodwill semver releases like https://github.com/csstools/sanitize.css/releases/tag/v13.0.0 that unintentionally broke downstream

jonathantneal commented 2 years ago

@bmuenzenmeyer, aye. For now, I’m side-stepping the issue by using path.join rather than resolve to prevent throws.