Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Oct 19 04:56
    JayaKrishnaNamburu closed #76
  • Oct 19 04:56
    JayaKrishnaNamburu commented #76
  • Oct 19 01:28
    guybedford closed #73
  • Oct 19 01:28
    guybedford commented #73
  • Oct 19 01:28
    guybedford commented #76
  • Oct 19 01:27
    guybedford closed #74
  • Oct 16 16:40
    guybedford commented #82
  • Oct 16 16:30
    arlac77 opened #82
  • Oct 11 22:07
    marleyjustin08 closed #1087
  • Oct 11 22:07
    marleyjustin08 opened #1087
  • Oct 11 14:31
    marleyjustin08 commented #1082
  • Oct 11 14:29
    marleyjustin08 commented #1082
  • Oct 11 14:29
    marleyjustin08 closed #1086
  • Oct 11 14:29
    marleyjustin08 commented #1086
  • Oct 11 06:36
    marleyjustin08 opened #1086
  • Oct 02 06:19
    guybedford closed #82
  • Oct 02 06:19
    guybedford closed #81
  • Oct 02 06:19
    guybedford closed #80
  • Oct 02 06:19
    guybedford closed #79
  • Oct 02 06:10
    goderos19 opened #82
Guy Bedford
@guybedford
where the analysis has some limited support for wildcards (hence the *)
but that support is specifically disabled for the usual conversion process
the preloader isn't disabling the wildcard support though causing the issue
(preloader injects deep dependency tree to avoid latency waterfall)
(so far as possible down to version uncertainty with far-future expires)
It should be an easy fix actually...
Rob Halff
@rhalff
I'm totally not into the code of jspm itself, so I assume you can judge best whether this should be fixed or not. It's older code I'm trying to import, would just be nice if it worked out of the box, I could try and update dependencies also.
Guy Bedford
@guybedford
it's a general issue, applying to any libraries that do require('asdf/' + identifier)
so I'm all for fixing it
Rob Halff
@rhalff
ah ok, then I'm sure I would probably face the same problem again also :)
Guy Bedford
@guybedford
ok it's fixed, but there seems to be another issue with it using old-style octal literals
@rhalff if you're interested, the bug is jspm/babel-plugin-transform-cjs-dew#12
happy to advise if you'd like to try working on it
but otherwise that isn't a priority for me personally
the require thing should be fully fixed now though
Rob Halff
@rhalff
I didn't realize it's actually a dynamic require call within that github package itself, which makes it very specific.
Rob Halff
@rhalff
I'll have a look, I now indeed get the error you've mentioned:
main.js? [sm]:26422 Error: Uncaught (in promise): SyntaxError: Octal escape sequences are not allowed in strict mode.
SyntaxError: Octal escape sequences are not allowed in strict mode.
valsar6
@valsar6
Hello guys, I'm sorry but I'm trying to follow the guide of 2.0 beta and I can't made http-server work for me
can someone help me please?
Guy Bedford
@guybedford
Hi @valsar6 what issue are you getting here? I haven't tested this in a while myself so there may well be something that got out of sync.
Would be glad to get it fixed.
Joel Denning
@joeldenning
@valsar6 I tried out http-server with jspm and am getting an error "jspm loader not found"
Is that what you are seeing?
What I am seeing is that when you install jspm globally with yarn it doesn't work. But that if you install it globally with npm, it does work
Joel Denning
@joeldenning
I created jspm/jspm-cli#2509 to discuss the issue with yarn installation
Dan Pettersson
@deap82
Does anyone here have any kind of input/theory/idea for this issue; https://discourse.aurelia.io/t/aurelia-plugin-loaded-from-jspm-folder-even-though-bundled/3195
Max
@MaximBalaganskiy
@deap82 I would step debug through the loader code to find out why it cannot be loaded from the bundle
Dan Pettersson
@deap82
What is the file system-csp-production.js? When is it used?
Kelly Navarro
@gabrnavarro
Hey guys is there a way to not download dependencies concurrently, or at least not too fast? Using jspm install
I think I might be getting ratelimited for downloading too many libraries at once
Ameer Jhan
@ameerthehacker
it does not work
Boris Aranovič
@nomaed
npm audit complains about security vulnerability. This is caused by the rollup-plugin-terser version used by the current project, which relies on a problematic version of serialize-javascript. rollup-plugin-terser have since released a new version which patches this vulnerability, and it would be helpful if jspm would use the new version. I even created a PR a couple of months ago: jspm/jspm-cli#2507
However, it doesn't look like there's much activity on the project's GitHib, so I am posting it here, with hopes that some maintainers can take a look at it.
Joe Pea
@trusktr
@gabrnavarro Are they github dependencies?
sravanmca21
@sravanmca21
Hi guys ... Is there any clear documentation on difference between.. jspm bundle and jspm bundle-sfx.. I am working on a Angular js project.. i want to minify the source code and bundle it as dist..
Joe Pea
@trusktr
@nomaed For the purposes in which serialize-javascript is being used, I don't think there's any vulnerability. I think that issue is for websites that use it and deal with 3rd party code inside their application. In the case of jspm and terser plugin, it's just taking your code and compiling it, and you will already give jspm and terser both full access to all code to manipulate it any way those tools see fit (including access to run any and all of that code) so it doesn't matter much. In this case, there is trust in jspm and terser.

@guybedford Does jspm CDN support semver? I tried https://dev.jspm.io/@here/harp-omv-datasource@^0.13.0/index-worker but that doesn't work.

It'd be great if semver syntax was supported, just like with unpkg.

@ameerthehacker not all libraries work, because they don't all do things in a fully ES Module compatible way unfortunately.
@gabrnavarro I'm sorry you run into that ancient JSPM problem with rate limiting from GitHub. JSPM requires you to get and configure GitHub API keys to avoid that problem (at least last time I checked back in 2015).
Kelly Navarro
@gabrnavarro
@trusktr Hey, sorry i took too long to reply. The dependencies throwing the ratelimit is actually from the npm registry. We resolved the issue by just adding a retry. Hopefully there will be a longterm fix
Guy Bedford
@guybedford
@trusktr https://dev.jspm.io/@here/harp-omv-datasource@0.13/index-worker is the way to do semver - semver symbols aren't supported just leaving out the patch or minor
Joe Pea
@trusktr
@guybedford But then that means it is too easy to cause dependency forks, f.e. importing 4.5.1 and 4.5.2 of a dependency from two places, instead of ^4.5.1 and ^4.5.2 resolving to the latest 4.5.x
Oh wait, I see, so 4.5 in the URL is the same as ^4.5
And I assume the default is ^ behavior. So basically it supports the common use case of ^ but not others like ~ or ranges.
sravanmca21
@sravanmca21
Jspm budle failed with error below . 12:23:34 Command node --max-old-space-size=2048 node_modules/jspm/jspm bundle-sfx main public/myapp.js --inject --minify --source-map-contents && mv public/myapp* dist/public && cp public/config.js dist/public && jspm unbundle failed with exit code 137
12:23:34 [16:23:32] Error in plugin 'run-sequence(dist:bundle)'
What might be the issue?
Joshua Wilson
@jwilson8767
Can you try running just the first part (node --max-old-space-size=2048 node_modules/jspm/jspm bundle-sfx main public/myapp.js --inject --minify --source-map-contents)
Also, what version of JSPM are you on?
sravanmca21
@sravanmca21
Joshua Wilson
@jwilson8767
@sravanmca21 Can you post more of you log when running just the first part of that build command?