search

xdesro / sex-work-exclusive-tech-companies

A growing list of tech companies with Terms of Service that discriminate against sex workers.
https://sex-work-exclusive-companies.tech/
MIT License
18 stars 6 forks source link

Unable to use current LTS version of node/npm #38

Closed dylankenneally closed 1 year ago

dylankenneally commented 2 years ago

I found I needed to use node v12/npm v6 to be able to install the packages we use (npm i).

v12 stopped being supported in October 2020 and stopped getting security support in April 2022.

Trying to install with the current node/npm LTS (v16/v8) failed, log file attached. Same with v14/v6.14, log file attached.

NB: whilst node v12 is not supported, this does not affect the deployed production as the site is static, so this isn't critical, only developers will be affected, but should be resolved quickly nevertheless.

Suggested approach

Force the node & nvm versions

  1. upgrade the node version to the current LTS (v16) or the upcoming LTS (v18)
  2. enforce the node version so developers don't need to figure out the required version
    • add engines to package.json as below
    • set the engine mode to strict & commit the .npmrc file that will be generated
  3. remove the .nvmrc file, as it doesn't work for those of us not using nvm (I use n for example), and it won't be needed due to the above point
  4. update the README.md file to include a prerequisites section for the next dev to come along

Engines in package.json

Ref: https://docs.npmjs.com/cli/v8/configuring-npm/package-json#engines

"engines" : { 
    "npm" : ">=8.0.0 <9",
    "node" : ">=16.0.0 <17"
}

If setting to v18, update the values as needed.

Strict engine mode

Run the following, and commit the .npmrc file that will be produced

npm config set engine-strict true

Update the package versions & check the app

The above will lead to several packages being flagged as out of date, and hence npm i will fail. At the time of writing, the app only has 5 dependencies + 9 dev dependencies - my suggestion would be to update all of them to the latest stable version, after checking for any known migration issues from the package vendors.

After that's done, check the workflows we need still function properly & check the app functions as desired. The following all need to function without errors or warnings:

Log any npm audit issues

It's just always a good idea... and an upgrade like the one suggested is a good time to do it. Run npm audit and log any issues generated here in GitHub ready for triage.

Log files from failed attempts to install

npm install failed - node v14.19.3 npm 6.14.17.log npm install failed - node v16.16.0 npm 8.11.0.log

dylankenneally commented 2 years ago

I'm happy to take this issue on after I've finished what I'm currently doing (adding more companies). But be aware this is my first exposure to nuxt. I've used plenty of similar frameworks, but if this repo is doing anything non standard with nuxt, it would be best to get someone else assigned.

xdesro commented 1 year ago

Hey @dylankenneally — I've just added 6b3f935f3acb1d9b1f6a42d56d785ff17b566097, which does a ton of cleanup and modernization, but for the purposes of this issue, allows for the use of a more modern Node version (v16).

FWIW, I tried to update all the way to LTS v18, but there's an issue with a change in OpenSSL that happened from v16 -> v17.