Find unused modules in nodeJS outside package.json - node.js

I have to document and continue code from another developer who was fired because of a lot of disciplinary trouble inside the team.
The application uses Node.js and MongoDB, and I'm a beginner at Node.js, but WebStorm helps me a lot to understand how the application works.
(To be precise, the former dev did not leave me much documentation, so I'm doing reverse engineering and cleaning here.)
My question today is:
The node_modules folder looks really huge to me, with 243 sub-repositories. I suspect that some of these are not useful to the project, but the package.json is not really helping here:
{
  "name": "my_rotting_project",
  "version": "1.0.0",
  "description": "",
  "main": "main.js",
  "bin": "main.js",
  "scripts": {
    "start": "node --no-deprecation core/server",
    "server": "nodemon --no-deprecation core/server",
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "dependencies": {
    "luna": "file:./core"
  },
  "pkg": {
    "scripts": "plugins/**/*.js",
    "assets": [
      "static/**/*",
      "core/static/**/*"
    ]
  },
  "nodemonConfig": {
    "ext": "js,mjs,json,html,css,ejs"
  }
}
I have run the npx check and npx npm_check commands, but they show me no unused libraries, which seems unlikely (though both of them reported that some dependencies were missing from package.json).
Does someone know if these plugins are reliable enough, or should I try other methods? (And what should I do in that case?)
thank you !
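
An added example, not part of the original question: one way to cross-check the three views that disagree here, namely what the source files import, what package.json declares, and what sits at the top level of node_modules. The function names and the sample input are hypothetical, and the regex scan is a heuristic that misses computed specifiers such as require(someVariable).

```javascript
const { builtinModules } = require("module");

// Reduce an import specifier to its package name, or null for relative/builtin ones.
function packageNameOf(specifier) {
  if (/^(\.|\/|node:)/.test(specifier)) return null; // relative, absolute, node: scheme
  const parts = specifier.split("/");
  const name = specifier.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
  return builtinModules.includes(name) ? null : name;
}

// Collect package names from require("x"), import("x"), import ... from "x", import "x".
// Heuristic: a regex also matches inside comments and cannot see computed specifiers.
function importedPackages(sourceText) {
  const pattern = /(?:\brequire\s*\(\s*|\bimport\s*\(\s*|\bfrom\s+|\bimport\s+)(['"])([^'"]+)\1/g;
  const found = new Set();
  for (const match of sourceText.matchAll(pattern)) {
    const name = packageNameOf(match[2]);
    if (name) found.add(name);
  }
  return found;
}

// declared: names in package.json dependencies; installed: top-level node_modules entries.
function auditDependencies(sources, declared, installed) {
  const used = new Set();
  for (const text of sources) for (const n of importedPackages(text)) used.add(n);
  const sorted = (list) => [...list].sort();
  return {
    undeclared: sorted([...used].filter((n) => !declared.includes(n))),
    declaredButUnused: sorted(declared.filter((n) => !used.has(n))),
    // Installed but never imported directly: transitive dependencies or leftovers.
    notImportedDirectly: sorted(installed.filter((n) => !used.has(n))),
  };
}

// Constructed sample input (not taken from the project in the question).
const sampleSources = [
  'const express = require("express");\nconst fs = require("fs");\nconst db = require("./db");',
  'import { MongoClient } from "mongodb";\nimport merge from "lodash/merge";\nimport "@scope/pkg/register";',
];
const report = auditDependencies(sampleSources, ["luna", "express"],
  ["express", "mongodb", "lodash", "@scope/pkg", "debug", "luna"]);
console.log(report);
```

Entries under undeclared are the ones that need to be added to package.json; entries under notImportedDirectly still have to be checked against the lockfile before removal, because most of them are dependencies of other packages.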

Related

Are Package-Lock Vulnerabilities an Issue When Using No Packages?

Apologies if this is really simple, I really don't understand the fundamentals involved here.
I recently got a string of emails from GitHub letting me know that there were security vulnerabilities in my package-lock.json files, but since I do not actually have any packages in my package.json files (except parcel bundler, which was auto generated?), I wasn't sure if that was an issue. The only reason either file exists is because I used the Webstorm HTML5-Boilerplate template for the project, which auto generated them.
This is the entirety of my package.json file.
{
  "name": " ",
  "version": "0.0.1",
  "description": "",
  "keywords": "",
  "license": "",
  "author": "",
  "scripts": {
    "build": "parcel build index.html",
    "dev": "parcel index.html --open",
    "start": "npm run build && npm run dev",
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "devDependencies": {
    "parcel-bundler": "^1.12.4"
  }
}
To the best of my knowledge the only other external code used is jsdelivr and two research scripts, jquery and proliferate; none of these are raising any flags on GitHub.
Are there vulnerabilities simply by virtue of having outdated packages in package-lock.json even if they are never used? Should I just delete the files or is there a better solution?
The only real bug fix I've tried so far is generating a new HTML5-Boilerplate template using Webstorm to see if it had updated the package-lock, but that didn't do anything.
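
An added example, not part of the original question: package-lock.json records every transitive package, and npm marks entries that are only reachable through devDependencies with "dev": true, so a lockfile can be split into packages that ship with the app and packages that only run at build time. The function names and the sample lockfile are constructed for illustration; the code handles both the nested lockfileVersion 1 tree and the flat "packages" map of versions 2 and 3.

```javascript
// lockfileVersion 2/3: flat "packages" map keyed by install path; "" is the project itself.
function fromPackagesMap(packages) {
  const marker = "node_modules/";
  return Object.entries(packages)
    .filter(([path]) => path.includes(marker)) // skips the root entry and workspace folders
    .map(([path, meta]) => ({
      name: path.slice(path.lastIndexOf(marker) + marker.length),
      version: meta.version,
      devOnly: meta.dev === true,
    }));
}

// lockfileVersion 1: nested "dependencies" tree; recurse into each entry's own tree.
function fromDependencyTree(deps, out = []) {
  for (const [name, meta] of Object.entries(deps || {})) {
    out.push({ name, version: meta.version, devOnly: meta.dev === true });
    fromDependencyTree(meta.dependencies, out);
  }
  return out;
}

// Split a parsed package-lock.json into runtime and dev-only "name@version" lists.
function classifyLock(lock) {
  const entries = lock.packages
    ? fromPackagesMap(lock.packages)
    : fromDependencyTree(lock.dependencies);
  const label = (e) => `${e.name}@${e.version}`;
  return {
    runtime: entries.filter((e) => !e.devOnly).map(label).sort(),
    devOnly: entries.filter((e) => e.devOnly).map(label).sort(),
  };
}

// Constructed lockfile fragment; every entry except parcel-bundler is made up.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "parcel-bundler": {
      version: "1.12.4", dev: true,
      dependencies: { "example-transitive": { version: "0.0.1", dev: true } },
    },
    "example-runtime-lib": { version: "2.0.0" },
  },
};
const lockReport = classifyLock(sampleLock);
console.log(lockReport);
```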

Write a custom plugin for a bundler like parcel in a web app

I have my own nodejs web application which is using Parcel 2 to bundle the resources.
{
  "name": "acme-web-app",
  "version": "0.0.1",
  "description": "",
  "keywords": [],
  "license": "",
  "author": "",
  "scripts": {
    "build": "parcel build index.html",
    "dev": "parcel index.html --open",
    "start": "npm run build && npm run dev",
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "devDependencies": {
    "@parcel/packager-raw-url": "^2.6.0",
    "@parcel/transformer-sass": "^2.6.0",
    "@parcel/transformer-webmanifest": "^2.6.0",
    "parcel": "^2.6.0",
    "sass": "^1.52.2"
  }
}
All works fine - the js bundles end up in a dist folder.
I am contemplating whether it is possible to write a Parcel plug-in within this project that is executed when the build script is run.
Is it possible - or does every reference need to go through npm channels via devDependencies?
I haven't figured a starting point for this - and have not been able to find what I am looking for on google so hopefully, the question makes sense.
NOTE: I have only really built web applications with nodejs.

IntelliJ and WebStorm treating npm linked local module as an indirect dependency, and not using it in its suggestions

I have a local node module I am trying to reuse in my other modules.
I use npm link to add the module as a dependency to other modules.
Everything works fine; however, IntelliJ treats this as an indirect dependency even if I add the dependency to the pom. Because of this, none of the autocompletions for the dependency work.
Pom1:
{
  "name": "test-module",
  "version": "1.0.0",
  "description": "\"Module functionality testing project\"",
  "main": "index.js",
  "scripts": {
    "test": "\"No Tests done\""
  },
  "author": "",
  "license": "ISC"
}
pom2:
{
  "name": "test-module-2",
  "version": "1.0.0",
  "description": "\"Module functionality testing project\"",
  "main": "index.js",
  "scripts": {
    "dev": "node index.js",
    "test": "\"No Tests done\""
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "test-module": "^1.0.0"
  }
}
Anyone know why this is and how to fix it?
The issue is tracked at WEB-49242, please follow it for updates.
As a workaround, please try including the node_modules\test-module folder in the index by selecting Mark directory as/Cancel exclusion from its right-click menu.

How can I execute a bin with yarn?

I have the following package.json and I'd like to run the bins "build" and "run":
{
  "name": "simple-site",
  "version": "0.0.5",
  "license": "MIT",
  "bin": {
    "build": "./bin/build.js",
    "dev": "./bin/dev.js"
  }
}
I've tried:
yarn run build
and I get
error Command "build" not found.
I've also tried:
yarn build
but the same thing happens:
error Command "build" not found.
It's probably not the right way to run bins. But then again, what is the right way to run bins with yarn?
Your package isn't installed.
When Yarn (and NPM) installs your package, it adds the commands under node_modules/.bin/, e.g. node_modules/.bin/build. Running yarn build would (if it doesn't find a matching script in the current package) look for a build in this .bin, then traverse upwards through the filesystem, looking for other node_modules/.bin/build's.
If your build script is only meant to be run while developing that specific package, add it as a script (see example here). It would more or less look like this:
{
  "name": "simple-site",
  "version": "0.0.5",
  "license": "MIT",
  "scripts": {
    "build": "node ./bin/build.js",
    "dev": "node ./bin/dev.js"
  }
}
You do not need to add the relative path:
{
  "name": "simple-site",
  "version": "0.0.5",
  "license": "MIT",
  "scripts": {
    "build": "build.js",
    "dev": "dev.js"
  }
}
The hashbang comment specifies the path to a specific JavaScript interpreter that you want to use to execute the script.
For example, helloWorld.js in ./node_modules/.bin:
#!/usr/bin/env node
console.log("Hello world");
You have a typo in your package.json. Where it says bin: it should say scripts:
{
  "name": "simple-site",
  "version": "0.0.5",
  "license": "MIT",
  "scripts": { // <-- here
    "build": "./bin/build.js",
    "dev": "./bin/dev.js"
  }
}

Heroku: Bunch of npm errors on deployment

I have a bunch of npm errors in my heroku logs. How can I begin to debug this? thanks!
screenshot
package.json
{
  "name": "server",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "engines": {
    "node": "8.1.1",
    "npm": "5.0.3"
  },
  "scripts": {
    "start": "node index.js"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "express": "^4.16.0"
  }
}
NPM ERR: missing script: start
It seems like you're missing the "start" script in your package.json file. That's where I would start looking. Heroku might assume you've set this script up beforehand. Here's a sample package.json file with the start script:
{
  "name": "your-app",
  "version": "1.0.0",
  "main": "index.js",
  "scripts": { // your npm scripts go here
    "start": "nodemon index.js", // or whatever server package you're using
    "lint:js": "node_modules/eslint/bin/eslint.js ./ ./**/*.js --fix; exit 0",
    "lint:css": "node_modules/csslint/cli.js public/css/; exit 0",
    "test": "NODE_ENV=test node_modules/mocha/bin/mocha"
  },
  "more": "settings below"
}
Here's a blurb from the Heroku website:
Specifying a start script
To determine how to start your app, Heroku first looks for a Procfile. If no Procfile exists for a Node.js app, we will attempt to start a default web process via the start script in your package.json.
The command in a web process type must bind to the port number specified in the PORT environment variable. If it does not, the dyno will not start.
For more information, see Best Practices for Node.js Development and Heroku Node.js Support.
https://devcenter.heroku.com/articles/deploying-nodejs
