search

ionic-team / create-stencil

npm init stencil
https://stenciljs.com/
MIT License
50 stars 28 forks source link

npm deprecated warnings on latest create-stencil #588

Open ujas-sidapara opened 1 month ago

ujas-sidapara commented 1 month ago

Default package-json uses glob v7 and puppeteer v21. Both have high severity vulnerabilities

create-stencil package.json >

{
  "name": "starter-component",
  "version": "0.0.1",
  "description": "Stencil Component Starter",
  "main": "dist/index.cjs.js",
  "module": "dist/index.js",
  "types": "dist/types/index.d.ts",
  "collection": "dist/collection/collection-manifest.json",
  "collection:main": "dist/collection/index.js",
  "unpkg": "dist/starter-component/starter-component.esm.js",
  "exports": {
    ".": {
      "import": "./dist/starter-component/starter-component.esm.js",
      "require": "./dist/starter-component/starter-component.cjs.js"
    },
    "./my-component": {
      "import": "./dist/components/my-component.js",
      "types": "./dist/components/my-component.d.ts"
    },
    "./loader": {
      "import": "./loader/index.js",
      "require": "./loader/index.cjs",
      "types": "./loader/index.d.ts"
    }
  },
  "repository": {
    "type": "git",
    "url": "https://github.com/ionic-team/stencil-component-starter.git"
  },
  "files": [
    "dist/",
    "loader/"
  ],
  "scripts": {
    "build": "stencil build",
    "start": "stencil build --dev --watch --serve",
    "test": "stencil test --spec --e2e",
    "test.watch": "stencil test --spec --e2e --watchAll",
    "generate": "stencil generate"
  },
  "devDependencies": {
    "@stencil/core": "^4.7.0",
    "@types/jest": "^29.5.6",
    "@types/node": "^16.18.11",
    "jest": "^29.7.0",
    "jest-cli": "^29.7.0",
    "puppeteer": "^21.9.0"
  },
  "license": "MIT"
}

npm i output>

Now using node v20.15.1 (npm v10.7.0)
# starter-component % npm i     
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated puppeteer@21.11.0: < 22.6.4 is no longer supported

added 352 packages, and audited 353 packages in 16s

38 packages are looking for funding
  run `npm fund` for details

3 high severity vulnerabilities