Bump read-pkg to v6, make other changes for linting to pass

mysticatea / npm-run-all

A CLI tool to run multiple npm-scripts in parallel or sequential.

MIT License

5.72k stars 240 forks source link

Bump read-pkg to v6, make other changes for linting to pass #205

Closed kachkaev closed 1 year ago

kachkaev commented 3 years ago

In scope:

Fix #204 (CVE-2021-23362)
Replace require("read-pkg") with await import("read-pkg") because read-pkg@v6 is esm-only
Upgrade eslint from ^4.19.1 to ^6.8.0 and replace "eslint-config-mysticatea": "^12.0.0" with "@mysticatea/eslint-plugin": "^13.0.0" to support syntax parsing for await import()
Make tweaks throughout the codebase for npm run test to pass (mostly to do with new ESLint rules)

Out of scope

Bump more deps to fix all dev package vulnerabilities. There are still quite a few:

npm audit
# found 173 vulnerabilities (118 low, 1 moderate, 53 high, 1 critical) in 659 scanned packages

npm audit --prod
# found 0 vulnerabilities

Breaking

Node versions in packge.json engines is now: ^12.17 || >= 14 (was >= 4)

kachkaev commented 3 years ago

Not sure what’s wrong, but I’m seeing this in AppVeyor:

> npm-run-all@4.1.5 _mocha C:\projects\npm-run-all
> mocha "test/*.js" --timeout 120000
internal/modules/cjs/loader.js:818
  throw err;
  ^
Error: Cannot find module 'C:\projects\npm-run-all\node'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:815:15)
    at Function.Module._load (internal/modules/cjs/loader.js:667:27)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12)
    at internal/main/run_main_module.js:17:47 {
  code: 'MODULE_NOT_FOUND',
  requireStack: []
}
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! npm-run-all@4.1.5 _mocha: `mocha "test/*.js" --timeout 120000`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the npm-run-all@4.1.5 _mocha script.
npm ERR! This is probably not a prob

This error does not make sense at all: Cannot find module 'C:\projects\npm-run-all\node'. Tests pass locally on macOS.

kachkaev commented 3 years ago

👋 @mysticatea what are your thoughts on the failing AppVeyor?

kachkaev commented 3 years ago

@mysticatea 👋🙏

SayakMukhopadhyay commented 3 years ago

@kachkaev There is a fork at https://github.com/bcomnes/npm-run-all2. I am myself not sure whether to use this or the forked package but it seems like the fork is well updated. Could you check if your changes in this PR are also present in that fork. Then maybe @mysticatea can get the changes from the fork.

Also, @mysticatea it would be great if you went through the PRs. Or if you don't want to maintain, maybe you can deprecate this project or hand it over to another maintainer so that existing users know what to use. Looking forward to a response.

kachkaev commented 3 years ago

@mysticatea 👋😅

kachkaev commented 1 year ago

I deleted the fork to clean up the list of my repos. Feel free to re-use the diff in this PR though!