mbostock
commented
3 months ago Framework doesn’t use punycode directly. The line you linked to is a list of Node’s built-in packages and is used for resolving node imports. I traced the dependency to the psl library.
% NODE_OPTIONS="--trace-deprecation" npm exec @observablehq/framework@1.8.0 create
(node:91409) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
at node:punycode:3:9
at BuiltinModule.compileForInternalLoader (node:internal/bootstrap/realm:398:7)
at BuiltinModule.compileForPublicLoader (node:internal/bootstrap/realm:337:10)
at loadBuiltinModule (node:internal/modules/helpers:96:7)
at Module._load (node:internal/modules/cjs/loader:1037:17)
at Module.require (node:internal/modules/cjs/loader:1271:19)
at require (node:internal/modules/helpers:123:16)
at Object.<anonymous> (/Users/mbostock/.npm/_npx/c018e244498e4b26/node_modules/psl/index.js:5:16)
at Module._compile (node:internal/modules/cjs/loader:1434:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1518:10)The dependency chain is:
@observablehq/framework → jsdom@^23.2.0 → tough-cookie@^4.1.3 → psl@^1.1.33
This was fixed in https://github.com/lupomontero/psl/pull/298, but a new version of psl has not been published in two years, so it’s unclear if this will be fixed anytime soon. This may also be fixed by tough-cookie in https://github.com/salesforce/tough-cookie/pull/346, but it is waiting for a v5 release. It could also be fixed by JSDOM; see https://github.com/jsdom/jsdom/issues/3613. At any rate, the problem is not within this library, unless we’re willing to drop the dependency on JSDOM (and we’re not currently).
Node.js v22.2.0 documentation lists punycode as deprecated: https://nodejs.org/api/punycode.html
However Framework uses this package: https://github.com/observablehq/framework/blob/e4682b3afb4807f863bcd76f0858a8af0c3432a0/src/node.ts#L197
When running commands, I continually encounter this warning:
It would be great if we could find a way to avoid seeing this warning.