npm WARN old lockfile
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile
npm WARN deprecated ini@1.3.5: Please update to ini >=1.3.6 to avoid a prototype pollution issue
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-url@0.4.0: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7
or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7
or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated ecstatic@3.3.2: This package is unmaintained and deprecated. See the GH Issue 259.
added 754 packages, and audited 897 packages in 21s
28 packages are looking for funding
run `npm fund` for details
22 vulnerabilities (6 moderate, 13 high, 3 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
on git master [!] is pkg v0.9.0 via nodejs took 21s
And `npm audit fix --force`:
npm WARN using --force Recommended protections disabled.
npm WARN audit fix lodash@4.17.19 node_modules/tap/node_modules/lodash
npm WARN audit fix lodash@4.17.19 is a bundled dependency of
npm WARN audit fix lodash@4.17.19 tap@14.10.8 at node_modules/tap
npm WARN audit fix lodash@4.17.19 It cannot be fixed automatically.
npm WARN audit fix lodash@4.17.19 Check for updates to the tap package.
npm WARN audit fix ansi-regex@4.1.0 node_modules/tap/node_modules/log-update/node_modules/ansi-regex
npm WARN audit fix ansi-regex@4.1.0 is a bundled dependency of
npm WARN audit fix ansi-regex@4.1.0 tap@14.10.8 at node_modules/tap
npm WARN audit fix ansi-regex@4.1.0 It cannot be fixed automatically.
npm WARN audit fix ansi-regex@4.1.0 Check for updates to the tap package.
npm WARN audit fix ansi-regex@4.1.0 node_modules/tap/node_modules/string-length/node_modules/ansi-regex
npm WARN audit fix ansi-regex@4.1.0 is a bundled dependency of
npm WARN audit fix ansi-regex@4.1.0 tap@14.10.8 at node_modules/tap
npm WARN audit fix ansi-regex@4.1.0 It cannot be fixed automatically.
npm WARN audit fix ansi-regex@4.1.0 Check for updates to the tap package.
npm WARN audit fix ansi-regex@5.0.0 node_modules/tap/node_modules/ansi-regex
npm WARN audit fix ansi-regex@5.0.0 is a bundled dependency of
npm WARN audit fix ansi-regex@5.0.0 tap@14.10.8 at node_modules/tap
npm WARN audit fix ansi-regex@5.0.0 It cannot be fixed automatically.
npm WARN audit fix ansi-regex@5.0.0 Check for updates to the tap package.
npm WARN audit fix minimist@1.2.5 node_modules/tap/node_modules/minimist
npm WARN audit fix minimist@1.2.5 is a bundled dependency of
npm WARN audit fix minimist@1.2.5 tap@14.10.8 at node_modules/tap
npm WARN audit fix minimist@1.2.5 It cannot be fixed automatically.
npm WARN audit fix minimist@1.2.5 Check for updates to the tap package.
npm WARN audit fix path-parse@1.0.6 node_modules/tap/node_modules/path-parse
npm WARN audit fix path-parse@1.0.6 is a bundled dependency of
npm WARN audit fix path-parse@1.0.6 tap@14.10.8 at node_modules/tap
npm WARN audit fix path-parse@1.0.6 It cannot be fixed automatically.
npm WARN audit fix path-parse@1.0.6 Check for updates to the tap package.
npm WARN audit Updating http-server to 14.1.1,which is a SemVer major change.
npm WARN audit Updating webpack to 5.74.0,which is a SemVer major change.
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: tikzcd-editor@0.9.0
npm WARN Found: webpack@4.44.2
npm WARN node_modules/webpack
npm WARN peer webpack@">=2" from babel-loader@8.1.0
npm WARN node_modules/babel-loader
npm WARN dev babel-loader@"^8.1.0" from the root project
npm WARN 3 more (terser-webpack-plugin, webpack-cli, the root project)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer webpack@"4.x.x" from webpack-cli@3.3.12
npm WARN node_modules/webpack-cli
npm WARN dev webpack-cli@"^3.3.12" from the root project
added 32 packages, removed 124 packages, changed 52 packages, and audited 805 packages in 6s
34 packages are looking for funding
run `npm fund` for details
# npm audit report
ansi-regex 4.0.0 - 4.1.0 || 5.0.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/tap/node_modules/ansi-regex
node_modules/tap/node_modules/log-update/node_modules/ansi-regex
node_modules/tap/node_modules/string-length/node_modules/ansi-regex
lodash <=4.17.20
Severity: high
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
fix available via `npm audit fix`
node_modules/tap/node_modules/lodash
minimist <1.2.6
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/tap/node_modules/minimist
path-parse <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9
fix available via `npm audit fix`
node_modules/tap/node_modules/path-parse
4 vulnerabilities (1 moderate, 2 high, 1 critical)
To address all issues, run:
npm audit fix
And `npm run build`:
> tikzcd-editor@0.9.0 build
> npm run format-base -- --check && webpack --mode production
> tikzcd-editor@0.9.0 format-base
> prettier "**/*.{js,html,md}" "!{dist/**,bundle.js*}" "--check"
Checking formatting...
[warn] ci\createArtifact.js
[warn] ci\extractInfo.js
[warn] index.html
[warn] README.md
[warn] src\components\App.js
[warn] src\components\CodeBox.js
[warn] src\components\Grid.js
[warn] src\components\GridArrow.js
[warn] src\components\GridCell.js
[warn] src\components\Properties.js
[warn] src\components\Toolbox.js
[warn] src\diagram.js
[warn] src\geometry.js
[warn] src\helper.js
[warn] src\index.js
[warn] src\parser.js
[warn] tests\geometry.test.js
[warn] tests\parser.test.js
[warn] tests\tap-snapshots\parser.test.js-TAP.test.js
[warn] webpack.config.js
[warn] Code style issues found in the above file(s). Forgot to run Prettier?
on git master [!] is pkg v0.9.0 via nodejs took 2s
tikzcd-editor λ npm install Prettier
changed 1 package, and audited 805 packages in 2s
35 packages are looking for funding
run `npm fund` for details
4 vulnerabilities (1 moderate, 2 high, 1 critical)
To address all issues, run:
npm audit fix
Run `npm audit` for details.
Here, it tells me to run Prettier, but I don't know its meaning clearly.
I know that I have installed prettier.
on git master [!] is pkg v0.9.0 via nodejs took 2s
tikzcd-editor λ Prettier -v
2.7.1
on git master [!] is pkg v0.9.0 via nodejs
tikzcd-editor λ where Prettier
C:\Users\scillidan\scoop\apps\nodejs\current\bin\prettier
C:\Users\scillidan\scoop\apps\nodejs\current\bin\prettier.cmd