hexenq / kuroshiro

Japanese language library for converting Japanese sentence to Hiragana, Katakana or Romaji with furigana and okurigana modes supported.
https://kuroshiro.org
MIT License

npm install failed. #103

Open MasaruKitajima opened 1 year ago

MasaruKitajima commented 1 year ago

Environment

When I ran npm install as instructed, I was unable to complete the installation.

The following are the logs.

$ ncu
 @babel/cli                       ^7.14.3  →   ^7.20.7
 @babel/core                      ^7.14.3  →  ^7.20.12
 @babel/plugin-transform-runtime  ^7.14.3  →   ^7.19.6
 @babel/preset-env                ^7.14.4  →   ^7.20.2
 @babel/runtime                   ^7.14.0  →  ^7.20.13
 babel-jest                       ^24.8.0  →   ^29.4.3
 coveralls                         ^3.1.0  →    ^3.1.1
 cross-env                         ^5.2.1  →    ^7.0.3
 eslint                           ^5.16.0  →   ^8.34.0
 eslint-config-airbnb-base        ^14.2.1  →   ^15.0.0
 eslint-plugin-import             ^2.23.4  →   ^2.27.5
 husky                             ^2.4.0  →    ^8.0.3
 jest                             ^24.8.0  →   ^29.4.3
 lint-staged                       ^8.2.0  →   ^13.1.2

Run ncu -u to upgrade package.json

$ ncu -u
 @babel/cli                       ^7.14.3  →   ^7.20.7
 @babel/core                      ^7.14.3  →  ^7.20.12
 @babel/plugin-transform-runtime  ^7.14.3  →   ^7.19.6
 @babel/preset-env                ^7.14.4  →   ^7.20.2
 @babel/runtime                   ^7.14.0  →  ^7.20.13
 babel-jest                       ^24.8.0  →   ^29.4.3
 coveralls                         ^3.1.0  →    ^3.1.1
 cross-env                         ^5.2.1  →    ^7.0.3
 eslint                           ^5.16.0  →   ^8.34.0
 eslint-config-airbnb-base        ^14.2.1  →   ^15.0.0
 eslint-plugin-import             ^2.23.4  →   ^2.27.5
 husky                             ^2.4.0  →    ^8.0.3
 jest                             ^24.8.0  →   ^29.4.3
 lint-staged                       ^8.2.0  →   ^13.1.2

Run npm install to install new versions.

$ npm install
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated babel-eslint@10.1.0: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142

added 889 packages, and audited 890 packages in 22s

123 packages are looking for funding
  run `npm fund` for details

2 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

$ npm audit
# npm audit report

terser  <4.8.1
Severity: high
Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
fix available via `npm audit fix --force`
Will install uglifyify@5.0.0, which is a breaking change
node_modules/terser
  uglifyify  >=5.0.1
  Depends on vulnerable versions of terser
  node_modules/uglifyify

2 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

$ npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating uglifyify to 5.0.0, which is a SemVer major change.
npm WARN deprecated uglify-es@3.3.9: support for ECMAScript is superseded by `uglify-js` as of v3.13.0

added 4 packages, removed 3 packages, changed 1 package, and audited 891 packages in 2s

123 packages are looking for funding
  run `npm fund` for details

# npm audit report

extend  <2.0.2
Severity: moderate
Prototype Pollution in extend - https://github.com/advisories/GHSA-qrmc-fj45-qfc2
fix available via `npm audit fix`
node_modules/uglifyify/node_modules/extend
  uglifyify  2.2.0 - 5.0.1
  Depends on vulnerable versions of extend
  node_modules/uglifyify

2 moderate severity vulnerabilities

To address all issues, run:
  npm audit fix

$ npm audit fix
added 3 packages, removed 4 packages, changed 1 package, and audited 890 packages in 2s

123 packages are looking for funding
  run `npm fund` for details

# npm audit report

terser  <4.8.1
Severity: high
Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
fix available via `npm audit fix`
node_modules/terser
  uglifyify  >=5.0.1
  Depends on vulnerable versions of terser
  node_modules/uglifyify

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

$ npm audit fix
up to date, audited 890 packages in 1s

123 packages are looking for funding
  run `npm fund` for details

# npm audit report

terser  <4.8.1
Severity: high
Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
fix available via `npm audit fix`
node_modules/terser
  uglifyify  >=5.0.1
  Depends on vulnerable versions of terser
  node_modules/uglifyify

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

I cloned into another directory to confirm whether yarn worked or not.

$ yarn instal
yarn install v1.22.19
info No lockfile found.
[1/5] 🔍  Validating package.json...
[2/5] 🔍  Resolving packages...
warning babel-eslint@10.1.0: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
warning babel-jest > @jest/transform > jest-haste-map > fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
warning babel-jest > @jest/transform > jest-haste-map > sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
warning babel-jest > @jest/transform > micromatch > snapdragon > source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
warning babel-jest > @jest/transform > micromatch > snapdragon > source-map-resolve > resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
warning babel-jest > @jest/transform > micromatch > snapdragon > source-map-resolve > source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
warning babel-jest > @jest/transform > micromatch > snapdragon > source-map-resolve > urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
warning browserify > url > querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
warning coveralls > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning coveralls > request > har-validator@5.1.5: this library is no longer supported
warning coveralls > request > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
warning jest > jest-cli > jest-config > jest-environment-jsdom > jsdom > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning jest > jest-cli > jest-config > jest-environment-jsdom > jsdom > left-pad@1.3.0: use String.prototype.padStart()
warning jest > jest-cli > jest-config > jest-environment-jsdom > jsdom > request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
warning jest > jest-cli > jest-config > jest-environment-jsdom > jsdom > w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
[3/5] 🚚  Fetching packages...
[4/5] 🔗  Linking dependencies...
[5/5] 🔨  Building fresh packages...
success Saved lockfile.
✨  Done in 35.91s.

$ yarn build
yarn run v1.22.19
$ npm run build:cjs && npm run build:umd && npm run build:umd:min

> kuroshiro@1.2.0 build:cjs
> cross-env BABEL_ENV=cjs babel src --out-dir lib

Successfully compiled 3 files with Babel (355ms).

> kuroshiro@1.2.0 build:umd
> cross-env BABEL_ENV=umd NODE_ENV=development browserify src/index.js -s Kuroshiro -o dist/kuroshiro.js -t [ babelify ]

> kuroshiro@1.2.0 build:umd:min
> cross-env BABEL_ENV=umd NODE_ENV=production browserify src/index.js -s Kuroshiro -g uglifyify -o dist/kuroshiro.min.js -t [ babelify ]

✨  Done in 3.77s.

To be honest with you, I'm not familiar with Node.js, but it seems weird to see that deprecated packages exist.

I wonder if the files built by yarn are usable or not.