search

vgteam / sequenceTubeMap

displays multiple genomic sequences in the form of a tube map
MIT License
178 stars 24 forks source link

npm install throws warnings #105

Open adamnovak opened 3 years ago

adamnovak commented 3 years ago

@brettChapman reported that a plain npm install does not work, because some pachages are missing, and that a workaround has to be used instead:

npm install
npm audit fix
npm run build

https://github.com/vgteam/sequenceTubeMap/issues/101#issuecomment-781860598

We should fix the install process and/or package dependency versions so that this workaround is not needed.

adamnovak commented 3 years ago

I can't quite reproduce this:

[anovak@octagon sequenceTubeMap]$ npm install
npm WARN deprecated babel-eslint@10.0.1: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated eslint-loader@2.1.2: This loader has been deprecated. Please use eslint-webpack-plugin
npm WARN deprecated fsevents@2.0.6: "Please update to latest v2.3 or v2.2"
npm WARN deprecated popper.js@1.16.1: You can find the new Popper v2 at @popperjs/core, this package is dedicated to the legacy v1
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated left-pad@1.3.0: use String.prototype.padStart()
npm WARN deprecated core-js@2.6.12: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.

> bufferutil@4.0.3 install /home/anovak/workspace/sequenceTubeMap/node_modules/bufferutil
> node-gyp-build

> utf-8-validate@5.0.4 install /home/anovak/workspace/sequenceTubeMap/node_modules/utf-8-validate
> node-gyp-build

> @fortawesome/fontawesome-common-types@0.2.34 postinstall /home/anovak/workspace/sequenceTubeMap/node_modules/@fortawesome/fontawesome-common-types
> node attribution.js

Font Awesome Free 0.2.34 by @fontawesome - https://fontawesome.com
License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)

> core-js@2.6.12 postinstall /home/anovak/workspace/sequenceTubeMap/node_modules/babel-runtime/node_modules/core-js
> node -e "try{require('./postinstall')}catch(e){}"

Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!

The project needs your help! Please consider supporting of core-js on Open Collective or Patreon: 
> https://opencollective.com/core-js 
> https://www.patreon.com/zloirock 

Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)

> core-js@3.9.1 postinstall /home/anovak/workspace/sequenceTubeMap/node_modules/core-js
> node -e "try{require('./postinstall')}catch(e){}"

> @fortawesome/fontawesome-svg-core@1.2.34 postinstall /home/anovak/workspace/sequenceTubeMap/node_modules/@fortawesome/fontawesome-svg-core
> node attribution.js

Font Awesome Free 1.2.34 by @fontawesome - https://fontawesome.com
License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)

> @fortawesome/free-solid-svg-icons@5.15.2 postinstall /home/anovak/workspace/sequenceTubeMap/node_modules/@fortawesome/free-solid-svg-icons
> node attribution.js

Font Awesome Free 5.15.2 by @fontawesome - https://fontawesome.com
License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License)

npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.0.6 (node_modules/react-scripts/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.0.6: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.2.7 (node_modules/jest-haste-map/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.2.7 (node_modules/chokidar/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@~2.3.1 (node_modules/watchpack/node_modules/chokidar/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.3.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN bootstrap@4.3.1 requires a peer of jquery@1.9.1 - 3 but none is installed. You must install peer dependencies yourself.
npm WARN @typescript-eslint/eslint-plugin@1.6.0 requires a peer of typescript@* but none is installed. You must install peer dependencies yourself.
npm WARN @typescript-eslint/parser@1.6.0 requires a peer of typescript@* but none is installed. You must install peer dependencies yourself.
npm WARN ts-pnp@1.1.2 requires a peer of typescript@* but none is installed. You must install peer dependencies yourself.
npm WARN @typescript-eslint/typescript-estree@1.6.0 requires a peer of typescript@* but none is installed. You must install peer dependencies yourself.
npm WARN tsutils@3.20.0 requires a peer of typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta but none is installed. You must install peer dependencies yourself.
npm WARN sequence-tube-maps@0.1.0 No repository field.

added 1604 packages from 937 contributors and audited 1609 packages in 28.819s
found 6 vulnerabilities (1 low, 2 moderate, 3 high)
  run `npm audit fix` to fix them, or `npm audit` for details
[anovak@octagon sequenceTubeMap]$ echo $?
0
[anovak@octagon sequenceTubeMap]$ npm --version
6.7.0
[anovak@octagon sequenceTubeMap]$ node --version
v11.15.0

Overall, the install succeeds. No workaround seems to be necessary; I can turn around and npm run build.

It throws up a bunch of warnings. Many are because we don't invest a couple hours every week in bumping module dependency versions, and Node modules tend to become deprecated to the point of needing a warning every few months.

Some are because we don't pull in peer dependencies. @typescript-eslint/eslint-plugin for example is here as a dependency of react-scripts, which I suppose is written in TypeScript, or somehow supports TypeScript. We don't seem to actually need TypeScript around for the scripts from react-scripts to work; they back our npm run build which works just fine as is. So I'm not sure why the erroneous peer dependency relationship exists.

If we want a quieter and less alarming install, someone will have to:

  1. Update all the deprecated packages to non-deprecated versions.
  2. Fix any resulting incompatibilities from API changes that touch the tube map code.
  3. Figure out how to silence the peer dependency warnings from packages deep in the dependency tree, or determine what the right front-end package to install is that brings along all the peer dependencies.
dortaelliott commented 3 years ago

I have updated the dependencies even by forcing them, but I think the problem eradicates in the indices as exposed in another thread.