How to run OWASP Dependency Check for an Angular project? - security

I'm trying to use this in an Angular project:
https://owasp.org/www-project-dependency-check/
We use the database server approach explained in https://jeremylong.github.io/DependencyCheck/data/database.html in all our builds, but I have been unable to trigger this analysis for the Angular project.
The official documentation offers this:
https://jeremylong.github.io/DependencyCheck/analyzers/nodejs.html
Alas, I could not figure out how to use it for the Angular build. I have also tried the command below, with no success either.
$ npm audit
What am I missing here?

Related

Which linting tool to use for Angular with JHipster

I've recently discovered JHipster and I'm giving it a try. Reading the official web page, it says that JHipster uses Sonar as its linting tool. But I've also noticed that the project has a .eslintrc.json file configured to work with Angular and Eslint dependencies/scripts in package.json. However, the sonar-project.properties file isn't configured to import Eslint's report into SonarQube (via sonar.eslint.reportPaths).
So I'm left wondering how the linting analysis should be done with JHipster's stack. Am I supposed to use sonar-scanner's report or import ESLint's report into SonarQube?
Thanks in advance,
Urko
JHipster uses SonarQube to analyze your java source code and usually this is done by your build tool (maven or gradle) and/or your java IDE.
Then there's static code analysis for frontend code which can be run using npm lint and which uses eslint. JHipster does not configure .eslintrc.json to use eslint-plugin-sonarjs so there's no link with Sonar here but you could add it if you want to use additional eslint rules provided by Sonar.

CKEditor5 Online Editor - How to configure a custom npm package for strapi

I use Strapi and I want to change the default text editor to the ckeditor5 classic.
On the Strapi website there is a guide on how to configure the default ckeditor5 classic for Strapi.
Strapi Guide
But some important tools are missing, so I want to build my custom fork of the ckeditor5 classic package.
I started with the ckeditor5 online builder, downloaded the build package and want to import it into the Strapi project.
Online Builder
My problems start here.
First of all, how can I use a downloaded package in a project instead of downloading it via npm/yarn?
Package Structure:
build
sample
src
Licsence
package.json
webpack.config
I saw that the package has no main command in the package.json, so an import of this package from a Node.js file doesn't work. Here is my question: is the package I built with the online generator intended for use in a Node project?
To tell the truth, I don't know very well, I'm not an expert on the subject yet... I'm really new and I'm working with Strapi, but as I see it these plugins have an install command with npm. Example:
Try to download the plugins via npm or Yarn and then import them as described in this post: Customizing CKEditor for Strapi gives "ckeditor-duplicated-modules" error

Why do we have to install Node.js for Angular 2.0?

I started a tutorial on Angular 2.0; the first step in setting up the workspace is installing Node.js and npm.
Why do we have to install Node.js for Angular 2.0?
I don't remember doing this for Angular 1.x.
Technically, Node.js and npm are not needed to do Angular 2 work. It does ease things, though. Here are the main reasons I speculate are behind this choice:
CLI: For a while now the de facto way to build and develop new Angular apps has been the CLI tooling, which relies on Node and npm as well.
TypeScript: Examples are .ts, and you need to run a compiler step to get them into .js, which can be done on the fly easily with Node.js and npm (plus it's a way of easily getting typing files);
Web Server: Serving your Angular SPA from a "real", albeit light, web server probably prevents some nasty issues that come with checking your site using file:// links.
The Quickstart guide itself actually continues to mention some more concrete reasons as well:
Here's what these scripts do:
npm start - runs the compiler and a server at the same time, both in "watch mode"
npm run tsc - runs the TypeScript compiler once
npm run tsc:w - runs the TypeScript compiler in watch mode; the process keeps running, awaiting changes to TypeScript files and re-compiling when it sees them
npm run lite - runs the lite-server, a light-weight, static file server with excellent support for Angular apps that use routing
npm run typings - runs the typings tool separately
npm run postinstall - called by npm automatically after it successfully completes package installation. This script installs the TypeScript definition files defined in typings.json
You can also have a look at the Quickstart source and further dive into where NPM is needed.
Footnote: there's a similar question about needing Node.js for AngularJS (1.x).
Because Angular 2 is based on TypeScript, Web Components and ES6, which need compilation for performance and broader browser support. TypeScript is compiled to ES5 JavaScript and the other features require shims for backwards compatibility.
Since TypeScript is a superset of JavaScript, and it's compiled to JavaScript anyway, you can write your code in plain JavaScript, but it's not recommended.
For a more detailed explanation check out these videos on YouTube:
Why Typescript
Installation steps
Node.js gives you the tool npm, which allows you to download libraries and packages you would use in Angular 2. From the shell you can go to your folder and type npm install to install the dependencies you need to get your Angular project going. It will make it easier for you! If you want a complete starter kit go to https://github.com/buckyroberts; you can fork or download the zip with all the starter files to get you going :)
You do not need to use Node anywhere in production to use any front-end JavaScript framework, whether it is jQuery, AngularJS, ReactJS, Angular2, etc.
Angular 2 can be used in isolation, but to get a better development environment Angular 2 should be used with Node.js and npm. Some of the Node.js modules help you in web development.

How to automate testing the user-version of an npm package instead of running the development version on continuous integration?

It happens occasionally that the development version of a module works in my development workspace and passes on Travis-CI, but after publishing to npm it turns out the end-user package is broken.
For example, if you use a sub-module that should be in dependencies but have it in devDependencies, then CI will pass (but there are plenty of other possible breakages).
How do you automate testing this? Do you use external rigging? Is there a secret module? Do you have a user acceptance test suite?
I use Github with Travis-CI but the standard setup uses the development install.
Once upon a time I discovered that npm would let me publish packages that are uninstallable. So I've added a target to my Gruntfile that does this:
1. Issue npm pack to create a package from my source.
2. Into a directory created (automatically by my Gruntfile) just for testing, install the new package using npm install <path to the package created in the previous step>.
I have a target for publishing a new version that will publish only if the steps above are successful.
The steps above would not catch the dependency problem you mentioned in the question but they could easily be extended to catch it. To do this, I'd add one or more tests that cause the package installed in step 2 above to call require with all that it depends on.
I would suggest setting up your own CI server that does essentially one thing: npm install package ; cd node_modules/package ; npm test. This would ensure that your package is installable, at least on your server.
I heard that Jenkins is good for this (at least, that's what the Node.js core team seems to be using), but I don't have any first-hand experience yet. We're just planning to set it up in a couple of weeks.
Also, having some external module that depends on you and testing it helps a bit. :)

How to package & deploy Node.js + express web application?

I am new to Node.js programming and I have recently created a sample working web application using Express, Backbone and other complementary view technologies, with MongoDB. Now I am at a point where I want to deploy the same to a staging environment and I am not sure how to package this application and distribute it. [I can take care of MongoDB and set it up separately.]
I am from the Java world, and there we create jars for reusable libs and war/ear packages for web applications, which are deployed in a servlet container. Now in this case, since Node.js itself acts as a web container as well, how do I package my webapp?
1. Is there any standard format/guidelines for packaging node webapps built using Express? (Is there a similar jar/war packaging system for node apps?)
2. How do I deploy it once packaged? Would it become an exe, since it is also its own container?
PS: As of now I am thinking of just manually copying all the required source files into the staging environment, running npm commands to download all dependencies on that machine and then using 'forever' or some other mechanism to run my server.js. (Also, add some sort of monitoring, just in case the app crashes and forever fails.) I am not sure if that is the right way. I am sure there must be some standardized way of addressing this problem.
Deploying Node.js applications is very easy. In Maven, there is pom.xml. The related concept in Node.js is package.json. You can state your dependencies in package.json. You can also do environmental setup in package.json. For example, in the dev environment you can say
I want to run unit tests.
but in production;
I want to skip unit tests.
You have local repositories for Maven under the .m2 folder. In Node.js, there is the node_modules folder under your Node.js project. You can see module folders with their names.
Let's come to the Grunt part of this answer. Grunt is a task manager for your frontend assets: HTML, JavaScript, CSS. For example, before deployment you can minify HTML, CSS, JavaScript, even images. You can also put Grunt task run functions in package.json.
If you want to look at a sample application, you can find an example blog application here. Check folder structure and package.json for reference.
For deployment, I suggest Heroku deployment for startup applications. You can find a howto here. This is simple git-based deployment.
On the project running part, simply set your environment NODE_ENV=development and run node app.js. Here app.js is in your project.
Here are the related concepts for Java and Node.js:
maven clean install => npm install
.m2 folder => node_modules(Under project folder)
mvn test => npm test(test section on package.json)
junit, powermock, ... => mocha, node-unit, ...
Spring MVC => Express.JS
pom.xml => package.json
import package => require('module_name')
There is no standardized way, but you're on the right track. If your package.json is up to date and well kept, you can just copy/zip/clone your app directory to the production system, excluding the node_modules.
On your production system, run
npm install to install your dependencies, npm test if you have tests and finally NODE_ENV=production node server.js
Some recent slides I considered to be quite helpful that also include the topic of wrappers like forever, can be found here.
Hope this might be helpful for somebody looking for the solution. Packaging of Node.js apps can be done using the "npm pack" command. It creates a zip file of your application which can be run in a production/staging environment.
Is there any standard format/guidelines of packaging node webapps built using express? (Is there a similar jar/war packaging systems for node apps?)
Yes, the CommonJS Packages specification:
This specification describes the CommonJS package format for distributing CommonJS programs and libraries. A CommonJS package is a cohesive wrapping of a collection of modules, code and other assets into a single form. It provides the basis for convenient delivery, installation and management of CommonJS components.
For your next question:
2. How do I deploy it once packaged? Would it become an exe, since it is also its own container?
I second Hüseyin's suggestion to deploy on Heroku for production. For development and staging I use Node-Appliance with VirtualBox and Amazon EC2, respectively:
This program takes a Debian machine built by build-debian-cloud or Debian-VirtualBox-Appliance and turns it into a Node.js "appliance", capable of running a Node application deployed via git.
Your webapp will not become an exe.
A few ways to approach this:
Push your code into a Git repository, excluding everything that isn't your code (node_modules/**), then pull it in your staging environment and run npm install to restore all dependencies
Create an npm package out of it, install it via npm in your staging environment (this should also take care of all of the dependencies)
Manually copy/ssh files to your staging environment (this can be automated with Grunt), then restore your dependencies via npm
I used Zeit's pkg module. It can create cross-platform deliverables for Linux/Windows/macOS. I actually used it in production and it works fine without any issues.
It takes in all the JS scripts and packages them into a single file.
The reason I used it is because it helps in securing your source code. That way, in production at the customer's environment they will have access to the application but not the source code.
Also, one of the advantages is that in the production environment you do not actually need to have the customer install Node.js, as the Node binaries also get packaged inside the build.
https://www.npmjs.com/package/pkg