Open hovinen opened 5 months ago
I also have problems installing I guess @hovinen s problem with puppeteer is also related to the deprecated gulp-util
:~/development/reveal.js$ npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating gulp-header to 1.8.9,which is a SemVer major change.
npm WARN deprecated gulp-header@1.8.9: Removed event-stream from gulp-header
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
added 37 packages, changed 3 packages, and audited 924 packages in 5s
79 packages are looking for funding
run `npm fund` for details
# npm audit report
lodash.template *
Severity: high
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
fix available via `npm audit fix`
node_modules/lodash.template
gulp-util >=1.1.0
Depends on vulnerable versions of lodash.template
node_modules/gulp-util
2 high severity vulnerabilities
https://github.com/orgs/gulpjs/discussions/2633 seems like one should not use gulp anymore :-S what do others think about that?
I have the same issue. Any progress on this?
Looks like gulp 5 is out now, maybe an upgrade will help with these install issues.
I don’t think gulp is really the issue here, it’s puppeteer.
I removed "node-qunit-puppeteer" from package.json, and then I could run npm install
without issues. Then I just had to comment out/remove the line const qunit = require('node-qunit-puppeteer')
from gulpfile.js so I could run any commands. (I think just testing requires puppeteer, so building works fine.)
Here’s the relevant part of the npm log that shows that somehow the culprit seems to be puppeteer’s postinst command:
601 info run core-js@3.33.1 postinstall node_modules/core-js node -e "try{require('./postinstall')}catch(e){}"
602 info run es5-ext@0.10.62 postinstall node_modules/es5-ext node -e "try{require('./_postinstall')}catch(e){}" || exit 0
603 info run puppeteer@19.11.1 postinstall node_modules/puppeteer node install.js
604 info run es5-ext@0.10.62 postinstall { code: 0, signal: null }
605 info run core-js@3.33.1 postinstall { code: 0, signal: null }
606 info run puppeteer@19.11.1 postinstall { code: 1, signal: null }
607 verbose stack Error: command failed
607 verbose stack at ChildProcess.<anonymous> (/snap/node/8863/lib/node_modules/npm/node_modules/@npmcli/promise-spawn/lib/index.js:53:27)
607 verbose stack at ChildProcess.emit (node:events:517:28)
607 verbose stack at maybeClose (node:internal/child_process:1098:16)
607 verbose stack at ChildProcess._handle.onexit (node:internal/child_process:303:5)
608 verbose pkgid puppeteer@19.11.1
609 verbose cwd <redacted>/reveal.js
610 verbose Linux 6.5.0-1027-oem
611 verbose node v18.20.4
612 verbose npm v10.7.0
613 error code 1
614 error path <redacted>/reveal.js/node_modules/puppeteer
615 error command failed
616 error command sh -c node install.js
617 verbose exit 1
618 verbose code 1
Seems to be related to puppeteer. This is on a fresh checkout from GitHub as of the time of writing (9 April 2024).
OS: Ubuntu 23.10
Output:
Log file:
Since puppeteer is a dev dependency, I tried omitting that with
--omit dev
. Thennpm install
runs butnpm start
does not:So I'm stuck. Any help would be appreciated. Thanks!
(P.S. Please note that I can't globally downgrade node due to other obligations. But also, since the documentation doesn't give a maximum version of node with which reveal.js is compatible, I wouldn't know to which version to downgrade.)