phaserjs / template-importmap

A Phaser 3 project template that uses Import Maps instead of a bundler
MIT License

1 high vulnerability after npm install #1

Closed davidromani closed 8 months ago

davidromani commented 8 months ago

Hey there.

I'm very interested in this template and I'm giving it a try.

I've just discovered that after running the npm install command it shows me this list of warnings. Is it possible to solve it? Thanks in advance.

$ npm install

added 158 packages, and audited 159 packages in 611ms

8 packages are looking for funding
  run `npm fund` for details

4 vulnerabilities (3 moderate, 1 high)

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

davidromani commented 8 months ago

Then, if I run the npm audit command, it outputs this:

$ npm audit
# npm audit report

axios  0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
No fix available
node_modules/axios
  localtunnel  >=1.9.0
  Depends on vulnerable versions of axios
  node_modules/localtunnel
    browser-sync  2.24.0-rc1 - 3.0.0-alpha.2
    Depends on vulnerable versions of localtunnel
    node_modules/browser-sync
      lite-server  *
      Depends on vulnerable versions of browser-sync
      node_modules/lite-server

4 vulnerabilities (3 moderate, 1 high)

Some issues need review, and may require choosing
a different dependency.

gammafp commented 8 months ago

Hi @davidromani.

I've fixed the dependency issue with lite-server; everything should be correct now. Apologies for the inconvenience caused. When we made this template, these vulnerabilities were not flagged, but it's now fixed. Please delete the version you've downloaded and download the new one.

Thank you.
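
The audit output above reports the advisory on axios, but the package that has to change is the direct dependency at the top of the chain. As an added example (not part of the original thread or the template's code), this walks the JSON form of the report from `npm audit --json` and traces each advisory to its direct dependencies. The sample report is constructed from the chain shown in the thread, marking lite-server as direct is an assumption, and the function names are hypothetical:

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2),
// reduced to the fields used below. It mirrors the chain shown in the thread.
// Assumption: lite-server is the project's direct dependency (isDirect: true).
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    axios: {
      isDirect: false, fixAvailable: false, effects: ["localtunnel"],
      via: [{ title: "Axios Cross-Site Request Forgery Vulnerability",
              url: "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx" }],
    },
    localtunnel: { isDirect: false, fixAvailable: false, via: ["axios"], effects: ["browser-sync"] },
    "browser-sync": { isDirect: false, fixAvailable: false, via: ["localtunnel"], effects: ["lite-server"] },
    "lite-server": { isDirect: true, fixAvailable: false, via: ["browser-sync"], effects: [] },
  },
};

// Follow `effects` edges upward from one package and collect every path that
// reaches a direct dependency. `seen` stops the walk if the graph has a cycle.
function chainsToDirect(vulns, name, path = [], seen = new Set()) {
  if (seen.has(name) || !vulns[name]) return [];
  const here = [...path, name];
  const next = new Set(seen).add(name);
  const found = vulns[name].isDirect ? [here] : [];
  for (const parent of vulns[name].effects || []) {
    found.push(...chainsToDirect(vulns, parent, here, next));
  }
  return found;
}

// A package carries its own advisory when `via` holds an object; a string entry
// only names the package the problem is inherited from.
function traceAdvisories(report) {
  const vulns = report.vulnerabilities || {};
  const out = [];
  for (const [name, v] of Object.entries(vulns)) {
    for (const adv of (v.via || []).filter((x) => typeof x === "object")) {
      const chains = chainsToDirect(vulns, name);
      out.push({
        package: name, title: adv.title, url: adv.url, fixAvailable: v.fixAvailable,
        chains: chains.map((c) => c.join(" > ")),
        directRoots: [...new Set(chains.map((c) => c[c.length - 1]))],
      });
    }
  }
  return out;
}

console.log(JSON.stringify(traceAdvisories(sampleReport), null, 2));
```

When `fixAvailable` is false for the whole chain, as in the "No fix available" output above, the entries in `directRoots` are the dependencies to replace or remove.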

davidromani commented 8 months ago

Thank you so much @gammafp! Now, it works perfectly!!

I have another question that I asked in the #phaser-3 Discord server (without an answer) related to this template... as discussions are not allowed here, maybe you can help me...

Is it possible to use phaserjs/template-importmap combined with TypeScript? In other words... is it possible to use TypeScript with the importmap way of loading ES modules?

photonstorm commented 8 months ago

I replied on Discord to you, but for anyone who finds this in the future: essentially, no.

TypeScript is not native to the browser. To use it you have to transpile it to JavaScript, the only language the browser can run natively.

To use TS you need to use a bundler or similar, for which we have plenty of alternative templates.

davidromani commented 8 months ago

Thanks for your attention @photonstorm

Just googling around for a TypeScript transpiler, I found this tool that seems pretty awesome. Maybe SWC will be useful to keep this importmap template as is, enabling the power of TypeScript with just a tool (not with a full bundler/packager solution).

photonstorm commented 8 months ago

That would make this an SWC + TypeScript template. The point of this template specifically is you don't need to install anything, you can simply just code immediately.