antlr-format uses deprecated packages

[kaby76]

I did a npm i -g --save-dev antlr-format-cli and got this:

$ npm i -g --save-dev antlr-format-cli
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported

changed 88 packages in 3s

16 packages are looking for funding
  run `npm fund` for details
05/30-07:13:53 ~/issues/g4-4121/sql/snowflake
$

[mike-lischke]

That's a pretty new warning. Saw this the first time today in a project of mine where I upgraded dependencies. I didn't investigate further, but I'm pretty sure it's coming from a 4th party dependency and it looks like the warning was added in a point release of that, so it was pulled in automatically. You can run npm list --depth=10 (maybe direct the output to a file) to see where glob is used by one of the 3rd or 4th party modules.

[kaby76]

antlr-format-cli@1.2.5 C:\Users\Kenne\AppData\Roaming\npm\node_modules\antlr-format-cli
├─┬ @readme/better-ajv-errors@1.6.0
│ ├─┬ @babel/code-frame@7.24.6
│ │ ├─┬ @babel/highlight@7.24.6
│ │ │ ├── @babel/helper-validator-identifier@7.24.6
│ │ │ ├─┬ chalk@2.4.2
│ │ │ │ ├─┬ ansi-styles@3.2.1
│ │ │ │ │ └─┬ color-convert@1.9.3
│ │ │ │ │   └── color-name@1.1.3
│ │ │ │ ├── escape-string-regexp@1.0.5
│ │ │ │ └─┬ supports-color@5.5.0
│ │ │ │   └── has-flag@3.0.0
│ │ │ ├── js-tokens@4.0.0
│ │ │ └── picocolors@1.0.1 deduped
│ │ └── picocolors@1.0.1
│ ├─┬ @babel/runtime@7.24.6
│ │ └── regenerator-runtime@0.14.1
│ ├── @humanwhocodes/momoa@2.0.4
│ ├── ajv@8.12.0 deduped
│ ├─┬ chalk@4.1.2
│ │ ├─┬ ansi-styles@4.3.0
│ │ │ └─┬ color-convert@2.0.1
│ │ │   └── color-name@1.1.4
│ │ └─┬ supports-color@7.2.0
│ │   └── has-flag@4.0.0
│ ├─┬ json-to-ast@2.1.0
│ │ ├── code-error-fragment@0.0.230
│ │ └── grapheme-splitter@1.0.4
│ ├── jsonpointer@5.0.1
│ └── leven@3.1.0
├─┬ ajv@8.12.0
│ ├── fast-deep-equal@3.1.3
│ ├── json-schema-traverse@1.0.0
│ ├── require-from-string@2.0.2
│ └─┬ uri-js@4.4.1
│   └── punycode@2.3.1
├─┬ antlr4ng@3.0.4
│ └── antlr4ng-cli@2.0.0
├── commander@12.0.0
├─┬ glob@10.3.10
│ ├─┬ foreground-child@3.1.1
│ │ ├─┬ cross-spawn@7.0.3
│ │ │ ├── path-key@3.1.1
│ │ │ ├─┬ shebang-command@2.0.0
│ │ │ │ └── shebang-regex@3.0.0
│ │ │ └─┬ which@2.0.2
│ │ │   └── isexe@2.0.0
│ │ └── signal-exit@4.1.0
│ ├─┬ jackspeak@2.3.6
│ │ ├─┬ @isaacs/cliui@8.0.2
│ │ │ ├─┬ string-width-cjs@npm:string-width@4.2.3
│ │ │ │ ├── emoji-regex@8.0.0
│ │ │ │ ├── is-fullwidth-code-point@3.0.0
│ │ │ │ └─┬ strip-ansi@6.0.1
│ │ │ │   └── ansi-regex@5.0.1
│ │ │ ├─┬ string-width@5.1.2
│ │ │ │ ├── eastasianwidth@0.2.0
│ │ │ │ ├── emoji-regex@9.2.2
│ │ │ │ └── strip-ansi@7.1.0 deduped
│ │ │ ├─┬ strip-ansi-cjs@npm:strip-ansi@6.0.1
│ │ │ │ └── ansi-regex@5.0.1
│ │ │ ├─┬ strip-ansi@7.1.0
│ │ │ │ └── ansi-regex@6.0.1
│ │ │ ├─┬ wrap-ansi-cjs@npm:wrap-ansi@7.0.0
│ │ │ │ ├── ansi-styles@4.3.0 deduped
│ │ │ │ ├─┬ string-width@4.2.3
│ │ │ │ │ ├── emoji-regex@8.0.0
│ │ │ │ │ ├── is-fullwidth-code-point@3.0.0 deduped
│ │ │ │ │ └── strip-ansi@6.0.1 deduped
│ │ │ │ └─┬ strip-ansi@6.0.1
│ │ │ │   └── ansi-regex@5.0.1
│ │ │ └─┬ wrap-ansi@8.1.0
│ │ │   ├── ansi-styles@6.2.1
│ │ │   ├── string-width@5.1.2 deduped
│ │ │   └── strip-ansi@7.1.0 deduped
│ │ └── @pkgjs/parseargs@0.11.0
│ ├─┬ minimatch@9.0.4
│ │ └─┬ brace-expansion@2.0.1
│ │   └── balanced-match@1.0.2
│ ├── minipass@7.1.2
│ └─┬ path-scurry@1.11.1
│   ├── lru-cache@10.2.2
│   └── minipass@7.1.2 deduped
└─┬ ts-json-schema-generator@1.5.0
  ├── @types/json-schema@7.0.15
  ├── commander@11.1.0
  ├─┬ glob@8.1.0
  │ ├── fs.realpath@1.0.0
  │ ├─┬ inflight@1.0.6
  │ │ ├── once@1.4.0 deduped
  │ │ └── wrappy@1.0.2
  │ ├── inherits@2.0.4
  │ ├─┬ minimatch@5.1.6
  │ │ └── brace-expansion@2.0.1 deduped
  │ └─┬ once@1.4.0
  │   └── wrappy@1.0.2 deduped
  ├── json5@2.2.3
  ├── normalize-path@3.0.0
  ├── safe-stable-stringify@2.4.3
  └── typescript@5.3.3

Looks like gob@8.1.0. but we also see glob@10.3.10. Version 8.1.0 comes from ts-json-schema-generator@1.5.0, but there's a newer version json-schema-generator@2.2.0. Update this?? https://github.com/mike-lischke/antlr-format/blob/59ae436cac9addfc17804df820c123e5e0cd6905/cli/package.json#L39

[mike-lischke]

I have upgraded all dependencies and see no warning anymore.

[kaby76]

Sorry, could you publish the updated antlr-format (or is it antlr-format-cli, or both) in npmjs.org? I still see the issue when I type npm i -g --save-dev antlr-format-cli on my Windows box, and it is still in the builds in grammars-v4 (https://github.com/antlr/grammars-v4/actions/runs/9346564460/job/25721678203#step:15:34). Thanks.

[mike-lischke]

Why's that warning a problem for you? And why can't the package read its own package.json file there?

[kaby76]

I don't know why using deprecated packages is an issue. People generally use out-of-date software all the time. The originating issue was here: https://github.com/antlr/grammars-v4/issues/4120

If I install specific versions of the command-line tool globally, then try to antlr-format *.g4, I get this:

06/03-07:51:42 ~/issues/g4-current/abb
$ npm i -g --save-dev "https://github.com/mike-lischke/antlr-format.git#c32c093ade52e81ed051ce689ccf5386c57c1a8c"
npm WARN skipping integrity check for git dependency ssh://git@github.com/mike-lischke/antlr-format.git

added 2 packages, and changed 1 package in 5s
06/03-07:51:56 ~/issues/g4-current/abb
$ npm i -g --save-dev "https://github.com/mike-lischke/antlr-format.git/tree/main/cli#c32c093ade52e81ed051ce689ccf5386c57c1a8c"

added 2 packages, and changed 1 package in 6s
06/03-07:52:11 ~/issues/g4-current/abb
$ which antlr-format
/c/Users/kenne/AppData/Roaming/npm/antlr-format
06/03-07:52:15 ~/issues/g4-current/abb
$ ls
abbLexer.g4  abbParser.g4  desc.xml  examples/  Generated-CSharp/  pom.xml  readme.txt
06/03-07:52:20 ~/issues/g4-current/abb
$ antlr-format *.g4
Error reading package.json file: ENOENT: no such file or directory, open 'C:\msys64\home\Kenne\issues\g4-current\abb\package.json'
06/03-07:52:25 ~/issues/g4-current/abb
$

Yes, the npm i for the specific git commit got rid of the warnings for deprecated packages, but then antlr-format command-line tool no longer works for me as it is expecting a package.json file locally in the directory containing the .g4 files.

I can then work around the work around with this:

06/03-08:00:26 ~/issues/g4-current/abb
$ npm i --save-dev "https://github.com/mike-lischke/antlr-format.git/tree/main/cli#c32c093ade52e81ed051ce689ccf5386c57c1a8c"

up to date, audited 4 packages in 5s

found 0 vulnerabilities
06/03-08:00:35 ~/issues/g4-current/abb
$ antlr-format *.g4

antlr-format, processing options...

formatting 2 file(s)...

done [63 ms]

06/03-08:00:40 ~/issues/g4-current/abb
$ ls
abbLexer.g4   desc.xml   Generated-CSharp/  package.json       pom.xml
abbParser.g4  examples/  node_modules/      package-lock.json  readme.txt
06/03-08:00:42 ~/issues/g4-current/abb
$ git clean -f .
Removing package.json
06/03-08:00:51 ~/issues/g4-current/abb
$ ls
abbLexer.g4  abbParser.g4  desc.xml  examples/  Generated-CSharp/  node_modules/  package-lock.json  pom.xml  readme.txt
06/03-08:00:58 ~/issues/g4-current/abb
$ rm -rf node_modules/
06/03-08:01:04 ~/issues/g4-current/abb
$

I will then need to delete the package.json and node_modules/ directory as I do not want to add package.json to all 353 grammars in grammars-v4. So, I can write a Bash script to do all this:

$ bash ../_scripts/the-real-antlr-format.sh *.g4
+ npm i -g --save-dev https://github.com/mike-lischke/antlr-format.git#c32c093ade52e81ed051ce689ccf5386c57c1a8c
npm WARN skipping integrity check for git dependency ssh://git@github.com/mike-lischke/antlr-format.git

added 2 packages, and changed 1 package in 4s
+ npm i -g --save-dev https://github.com/mike-lischke/antlr-format.git/tree/main/cli#c32c093ade52e81ed051ce689ccf5386c57c1a8c

added 2 packages, and changed 1 package in 6s
+ npm i --save-dev https://github.com/mike-lischke/antlr-format.git/tree/main/cli#c32c093ade52e81ed051ce689ccf5386c57c1a8c

added 3 packages in 13s
+ antlr-format abbLexer.g4 abbParser.g4

antlr-format, processing options...

formatting 2 file(s)...

done [65 ms]

+ rm -rf package.json node_modules/
06/03-08:16:44 ~/issues/g4-current/abb
$ cat ../_scripts/the-real-antlr-format.sh
#
set -x
npm i -g --save-dev "https://github.com/mike-lischke/antlr-format.git#c32c093ade52e81ed051ce689ccf5386c57c1a8c"
npm i -g --save-dev "https://github.com/mike-lischke/antlr-format.git/tree/main/cli#c32c093ade52e81ed051ce689ccf5386c57c1a8c"
npm i --save-dev "https://github.com/mike-lischke/antlr-format.git/tree/main/cli#c32c093ade52e81ed051ce689ccf5386c57c1a8c"
antlr-format "$@"
rm -rf package.json node_modules/

06/03-08:16:58 ~/issues/g4-current/abb
$

There's probably a better way to achieve this but I'm not sure.

[mike-lischke]

The json file path is relative to the importing script, so even if you change the current workdir (e.g. to the grammar) it should still find the JSON file next to itself. But the cli tool is a bundle, maybe that plays a role? I need to find time to investigate that problem.

[mike-lischke]

I released a new version of the CLI tool. Hope that solves all this.

[kaby76]

Works perfect! Thanks for the update!