mayeaux / generate-subtitles

Generate transcripts for audio and video content with a user-friendly UI, powered by OpenAI's Whisper with automatic translations and download videos automatically with yt-dlp integration
https://freesubtitles.ai
755 stars 103 forks

Warnings during installation. SyntaxError: Unexpected identifier after running. #38

Closed Patrikkk closed 1 year ago

Patrikkk commented 1 year ago

When I run npm install I get the following critical warnings.

PS H:\GitHub\generate-subtitles> npm install
npm WARN deprecated transformers@2.1.0: Deprecated, use jstransformer
npm WARN deprecated constantinople@3.0.2: Please update to at least constantinople 3.1.1
npm WARN deprecated jade@1.11.0: Jade has been renamed to pug, please install the latest version of pug instead of jade

added 59 packages, removed 19 packages, changed 31 packages, and audited 292 packages in 4s

31 packages are looking for funding
  run `npm fund` for details

13 vulnerabilities (2 low, 4 moderate, 3 high, 4 critical)

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

Running npm audit

PS H:\GitHub\generate-subtitles> npm audit
# npm audit report

clean-css  <4.1.11
Regular Expression Denial of Service in clean-css - https://github.com/advisories/GHSA-wxhq-pm8v-cw75
fix available via `npm audit fix --force`
Will install jade@1.9.2, which is a breaking change
node_modules/clean-css
  jade  >=0.30.0
  Depends on vulnerable versions of clean-css
  Depends on vulnerable versions of constantinople
  Depends on vulnerable versions of transformers
  node_modules/jade

constantinople  <3.1.1
Severity: critical
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople - https://github.com/advisories/GHSA-4vmm-mhcq-4x9j
fix available via `npm audit fix --force`
Will install jade@1.9.2, which is a breaking change
node_modules/constantinople

debug  <2.6.9
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix --force`
Will install body-parser@1.20.1, which is outside the stated dependency range
node_modules/debug
  body-parser  <=1.18.1
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of qs
  node_modules/body-parser
  morgan  <=1.9.0
  Depends on vulnerable versions of debug
  node_modules/morgan

express  <=4.17.2 || 5.0.0-alpha.1 - 5.0.0-alpha.7
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
Depends on vulnerable versions of qs
Depends on vulnerable versions of send
Depends on vulnerable versions of serve-static
fix available via `npm audit fix --force`
Will install express@4.18.2, which is outside the stated dependency range
node_modules/express

mime  <1.4.1
Severity: moderate
mime Regular Expression Denial of Service when mime lookup performed on untrusted user input - https://github.com/advisories/GHSA-wrvr-8mpx-r7pp
fix available via `npm audit fix --force`
Will install express@4.18.2, which is outside the stated dependency range
node_modules/mime
  send  <=0.15.6
  Depends on vulnerable versions of mime
  node_modules/send
    serve-static  <=1.12.6
    Depends on vulnerable versions of send
    node_modules/serve-static

qs  <=6.2.3 || 6.5.0 - 6.5.2
Severity: high
Prototype Pollution Protection Bypass in qs - https://github.com/advisories/GHSA-gqgv-6jq5-jjj9
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix --force`
Will install express@4.18.2, which is outside the stated dependency range
node_modules/express/node_modules/qs
node_modules/qs

uglify-js  <=2.5.0
Severity: critical
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js - https://github.com/advisories/GHSA-34r7-q49f-h37c
Regular Expression Denial of Service in uglify-js - https://github.com/advisories/GHSA-c9f4-xj24-8jqx
fix available via `npm audit fix --force`
Will install jade@1.9.2, which is a breaking change
node_modules/transformers/node_modules/uglify-js
  transformers  2.0.0 - 3.0.1
  Depends on vulnerable versions of uglify-js
  node_modules/transformers

13 vulnerabilities (2 low, 4 moderate, 3 high, 4 critical)

To address all issues (including breaking changes), run:
  npm audit fix --force

When I run npm audit fix --force a couple times, the issue goes away and it installs. I run npm start. It starts up without errors. But when I navigate to the site, it throws the following error.

SyntaxError: Unexpected identifier
    at new Function (<anonymous>)
    at exports.compile (H:\GitHub\generate-subtitles\node_modules\jade\lib\jade.js:171:8)
    at exports.render (H:\GitHub\generate-subtitles\node_modules\jade\lib\jade.js:205:17)
    at exports.renderFile [as engine] (H:\GitHub\generate-subtitles\node_modules\jade\lib\jade.js:233:13)
    at View.render (H:\GitHub\generate-subtitles\node_modules\express\lib\view.js:135:8)
    at tryRender (H:\GitHub\generate-subtitles\node_modules\express\lib\application.js:657:10)
    at Function.render (H:\GitHub\generate-subtitles\node_modules\express\lib\application.js:609:3)
    at ServerResponse.render (H:\GitHub\generate-subtitles\node_modules\express\lib\response.js:1039:7)
    at H:\GitHub\generate-subtitles\app.js:133:7
    at Layer.handle_error (H:\GitHub\generate-subtitles\node_modules\express\lib\router\layer.js:71:5)

osb910 commented 1 year ago

Fixed in fix-dependencies-issue branch. I used pug instead of jade which I think was going to happen sooner or later. Jade had many issues because of deprecated code/dependencies. I also did some auto-linting to a lot of js files. You should now be able to run the app and do a transcription. It also might be a good idea to delete the node_modules folder and the package-lock.json file and do npm install, just to be on the safe side.

mayeaux commented 1 year ago

Merged, thanks for pointing this out!
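
One way to see what `npm audit fix --force` would change before running it, as an added example that is not part of the original thread or the project's code: it groups the `fixAvailable` entries of an `npm audit --json` report by the package version that would be installed and lists breaking installs first. The `sampleReport` object is constructed from entries in the report above, and `planForcedFixes` is a hypothetical helper name.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2),
// modelled on four entries from the report in this issue; not captured output.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    constantinople: { severity: 'critical', range: '<3.1.1',
      fixAvailable: { name: 'jade', version: '1.9.2', isSemVerMajor: true } },
    'uglify-js': { severity: 'critical', range: '<=2.5.0',
      fixAvailable: { name: 'jade', version: '1.9.2', isSemVerMajor: true } },
    qs: { severity: 'high', range: '<=6.2.3 || 6.5.0 - 6.5.2',
      fixAvailable: { name: 'express', version: '4.18.2', isSemVerMajor: false } },
    mime: { severity: 'moderate', range: '<1.4.1',
      fixAvailable: { name: 'express', version: '4.18.2', isSemVerMajor: false } },
  },
};

const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

// Hypothetical helper: summarise what a forced fix would install.
function planForcedFixes(report) {
  const forced = new Map(); // "name@version" -> plan entry
  const inRange = [];       // fixable by plain `npm audit fix`
  const noFix = [];         // no fix published
  for (const [pkg, vuln] of Object.entries(report.vulnerabilities || {})) {
    const fix = vuln.fixAvailable;
    if (fix === true) { inRange.push(pkg); continue; }
    if (!fix) { noFix.push(pkg); continue; }
    const key = `${fix.name}@${fix.version}`;
    const entry = forced.get(key) ||
      { install: key, breaking: false, worst: 'info', resolves: [] };
    entry.breaking = entry.breaking || Boolean(fix.isSemVerMajor);
    if (SEVERITY_ORDER.indexOf(vuln.severity) > SEVERITY_ORDER.indexOf(entry.worst)) {
      entry.worst = vuln.severity;
    }
    entry.resolves.push(pkg);
    forced.set(key, entry);
  }
  // Breaking installs first: these need review before --force is used.
  const plan = [...forced.values()]
    .sort((a, b) => Number(b.breaking) - Number(a.breaking));
  return { forced: plan, inRange, noFix };
}

for (const e of planForcedFixes(sampleReport).forced) {
  const tag = e.breaking ? 'BREAKING' : 'out of range';
  console.log(`${e.install} [${tag}] worst=${e.worst} resolves=${e.resolves.join(', ')}`);
}
```

With a real project, the object parsed from the output of `npm audit --json` takes the place of `sampleReport`.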