search

httptoolkit / httptoolkit-server

The backend of HTTP Toolkit
https://httptoolkit.com
GNU Affero General Public License v3.0
447 stars 101 forks source link

npm install error: sentry-cli #27

Closed mrbluecoat closed 3 years ago

mrbluecoat commented 3 years ago

I did agit clone followed by an npm install on a raspberry pi 4 and got an error

Unable to download sentry-cli binary from https://downloads.sentry-cdn.com/sentry-cli/1.61.0/sentry-cli-Linux-arm64

There were also a lot of npm WARN deprecated messages, including an unmaintained core-js@3.1.4

mrbluecoat commented 3 years ago

Ref https://github.com/getsentry/sentry-cli/issues/676

mrbluecoat commented 3 years ago

Updating https://github.com/httptoolkit/httptoolkit-server/blob/master/package.json#L71 to 1.63.1 should fix it

pimterry commented 3 years ago

Hmm, interesting. I don't have a raspberry pi I can easily test this on to hand right now, but if you want to make the quick change required, test it works for you, and then open a PR, I'd happily accept it :smile:

mrbluecoat commented 3 years ago

I was mistaken, 1.16.0 appears to be the latest npm version.

I'll test with ncu and send a PR this weekend

npm i -g npm-check-updates
ncu -u -t latest
npm install
npm audit fix --force
pimterry commented 3 years ago

Ok, thanks!

If possible, I'd rather not update everything all at once like those commands will do though. That will update past many breaking version bumps, so it'll almost certainly break everything completely, and there's likely to be many other new subtle issues introduced. A big update like that needs some extensive testing and review first. There are deprecated packages used in here, but they work fine in their current state, and I'm confident there's no vulnerabilities from any of those that affect this repo, so while it's nice to do it's not strictly necessary at all (if you are aware of any real vulnerabilities, please get in touch by email instead, not here - I'm tim@httptoolkit.tech).

For now, I would just update the specific sentry packages that are broken for you, and check that that solves your issue. I'm open to PRs with other updates, but wide-ranging updates taking everything to the latest version and using audit fix --force like that have approximately 0% chance of even compiling I'm afraid :smile:.

mrbluecoat commented 3 years ago

Sounds good. So far sentry, uid, and browser-launcher need attention (with the latter being a security notice)

mrbluecoat commented 3 years ago

Email sent regarding the latter and using "uid": "^2.0.0" and " @sentry/webpack-plugin": "^1.16.0" for my testing

mrbluecoat commented 3 years ago

The fix is two-fold. Once the browser-launcher update lands I'll push a PR fix for httptoolkit-server