by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Sep 23 04:15
    j-walker23 closed #623
  • Sep 20 22:55
    guybedford closed #80
  • Sep 20 22:55
    guybedford commented #80
  • Sep 19 06:57
    guybedford closed #79
  • Sep 19 06:57
    guybedford commented #79
  • Sep 19 01:14
    guybedford commented #80
  • Sep 19 00:56
    gingur commented #80
  • Sep 19 00:48
    gingur commented #79
  • Sep 19 00:19
    guybedford commented #80
  • Sep 19 00:17
    guybedford commented #79
  • Sep 19 00:17
    gingur opened #80
  • Sep 19 00:13
    gingur opened #79
  • Sep 12 09:28
    guybedford edited #78
  • Sep 12 09:25
    guybedford edited #78
  • Sep 12 09:25
    guybedford commented #78
  • Sep 12 08:23
    guybedford opened #78
  • Sep 11 22:52
    guybedford commented #77
  • Sep 11 22:50
    lucasgfavaro closed #77
  • Sep 11 22:50
    lucasgfavaro commented #77
  • Sep 11 22:49
    guybedford commented #77
Boris Aranovič
@nomaed
npm audit complains about security vulnerability. This is caused by the rollup-plugin-terser version used by the current project, which relies on a problematic version of serialize-javascript. rollup-plugin-terser have since released a new version which patches this vulnerability, and it would be helpful if jspm would use the new version. I even created a PR a couple of months ago: jspm/jspm-cli#2507
However, it doesn't look like there's much activity on the project's GitHib, so I am posting it here, with hopes that some maintainers can take a look at it.
Joe Pea
@trusktr
@gabrnavarro Are they github dependencies?
sravanmca21
@sravanmca21
Hi guys ... Is there any clear documentation on difference between.. jspm bundle and jspm bundle-sfx.. I am working on a Angular js project.. i want to minify the source code and bundle it as dist..
Joe Pea
@trusktr
@nomaed For the purposes in which serialize-javascript is being used, I don't think there's any vulnerability. I think that issue is for websites that use it and deal with 3rd party code inside their application. In the case of jspm and terser plugin, it's just taking your code and compiling it, and you will already give jspm and terser both full access to all code to manipulate it any way those tools see fit (including access to run any and all of that code) so it doesn't matter much. In this case, there is trust in jspm and terser.

@guybedford Does jspm CDN support semver? I tried https://dev.jspm.io/@here/harp-omv-datasource@^0.13.0/index-worker but that doesn't work.

It'd be great if semver syntax was supported, just like with unpkg.

@ameerthehacker not all libraries work, because they don't all do things in a fully ES Module compatible way unfortunately.
@gabrnavarro I'm sorry you run into that ancient JSPM problem with rate limiting from GitHub. JSPM requires you to get and configure GitHub API keys to avoid that problem (at least last time I checked back in 2015).
Kelly Navarro
@gabrnavarro
@trusktr Hey, sorry i took too long to reply. The dependencies throwing the ratelimit is actually from the npm registry. We resolved the issue by just adding a retry. Hopefully there will be a longterm fix
Guy Bedford
@guybedford
@trusktr https://dev.jspm.io/@here/harp-omv-datasource@0.13/index-worker is the way to do semver - semver symbols aren't supported just leaving out the patch or minor
Joe Pea
@trusktr
@guybedford But then that means it is too easy to cause dependency forks, f.e. importing 4.5.1 and 4.5.2 of a dependency from two places, instead of ^4.5.1 and ^4.5.2 resolving to the latest 4.5.x
Oh wait, I see, so 4.5 in the URL is the same as ^4.5
And I assume the default is ^ behavior. So basically it supports the common use case of ^ but not others like ~ or ranges.
sravanmca21
@sravanmca21
Jspm budle failed with error below . 12:23:34 Command node --max-old-space-size=2048 node_modules/jspm/jspm bundle-sfx main public/myapp.js --inject --minify --source-map-contents && mv public/myapp* dist/public && cp public/config.js dist/public && jspm unbundle failed with exit code 137
12:23:34 [16:23:32] Error in plugin 'run-sequence(dist:bundle)'
What might be the issue?
Joshua Wilson
@jwilson8767
Can you try running just the first part (node --max-old-space-size=2048 node_modules/jspm/jspm bundle-sfx main public/myapp.js --inject --minify --source-map-contents)
Also, what version of JSPM are you on?
sravanmca21
@sravanmca21
Joshua Wilson
@jwilson8767
@sravanmca21 Can you post more of you log when running just the first part of that build command?
sravanmca21
@sravanmca21
Hi, sorry for the delay, please see the error below
18:21:45 Command node --max-old-space-size=8192 node_modules/jspm/jspm bundle-sfx main public/myapp.js --inject --minify --source-map-contents failed with exit code 137
18:21:45 [22:21:42] Error in plugin 'run-sequence(dist:bundle)'
18:21:45 Error
18:21:45 at finish (/jenkins/workspace/pipeline-change/node_modules/run-sequence/index.js:56:13)
18:21:45 at Gulp.onError (/jenkins/workspace/pipeline-change/node_modules/run-sequence/index.js:67:4)
18:21:45 at emitOne (events.js:101:20)
18:21:45 at Gulp.emit (events.js:188:7)
18:21:45 at Gulp.Orchestrator._emitTaskDone (/jenkins/workspace/pipeline-change/node_modules/orchestrator/index.js:264:8)
18:21:45 at /jenkins/workspace/pipeline-change/node_modules/orchestrator/index.js:275:23
18:21:45 at finish (/jenkins/workspace/pipeline-change/node_modules/orchestrator/lib/runTask.js:21:8)
18:21:45 at DestroyableTransform.<anonymous> (/jenkins/workspace/pipeline-change/node_modules/orchestrator/lib/runTask.js:52:4)
18:21:45 at DestroyableTransform.f (/jenkins/workspace/pipeline-change/node_modules/end-of-stream/node_modules/once/once.js:17:25)
18:21:45 at emitOne (events.js:101:20)
18:21:45 at DestroyableTransform.emit (events.js:188:7)
18:21:45 at /jenkins/workspace/pipeline-change/node_modules/gulp-shell/index.js:100:14
18:21:45 at /jenkins/workspace/pipeline-change/node_modules/gulp-shell/node_modules/async/lib/async.js:52:16
18:21:45 at /jenkins/workspace/pipeline-change/node_modules/gulp-shell/node_modules/async/lib/async.js:264:21
18:21:45 at /jenkins/workspace/pipeline-change/node_modules/gulp-shell/node_modules/async/lib/async.js:44:16
18:21:45 at /jenkins/workspace/pipeline-change/node_modules/gulp-shell/index.js:75:7
18:21:45 at ChildProcess.exithandler (child_process.js:213:5)
18:21:45 at emitTwo (events.js:106:13)
18:21:45 at ChildProcess.emit (events.js:191:7)
18:21:45 at maybeClose (internal/child_process.js:877:16)
18:21:45 at Socket.<anonymous> (internal/child_process.js:334:11)
18:21:45 at emitOne (events.js:96:13)
18:21:45 at Socket.emit (events.js:188:7)
Joshua Wilson
@jwilson8767
Just glancing through that stack trace I don't immediately see anything wrong, but I do wonder if you really need --inject? Looking back at these docs I'm thinking you may be able to simplify the command a bit to narrow in on the issue: https://jspm.org/docs/0.16/production-workflows.html
Guy Bedford
@guybedford
@trusktr if all your dependencies are ranged you can't fork yes
exactly always defaults to ^
Joshua Wilson
@jwilson8767
Hope y'all are staying safe through the quarantines! I've been surprised how many projects I can get myself committed to with just a little more free time in the day from staying home!
Guy Bedford
@guybedford
@jwilson8767 is that an offer to contribute to jspm!? :P
2.0 development has pretty much stopped now and will likely be abandoned
there is some work on 3.0 now which should see a public release in the next month or two
Joshua Wilson
@jwilson8767
More a lament that I'm bad at saying "no", lol. What's 3.0??
Guy Bedford
@guybedford
haha, nice
3.0 is a new reframing of the concept, will aim to provide more info soon
Vika
@kisik21
SyntaxError: Unexpected token {
    at new Function (<anonymous>)
    at dew (file:///home/vika/Projects/blogblaze/jspm_packages/npm/uglify-js@2.8.29/tools/node.dew.js:46:3)
    at dew (file:///home/vika/Projects/blogblaze/jspm_packages/npm/pug-filters@3.1.1/lib/run-filter.dew.js:38:16)
    at dew (file:///home/vika/Projects/blogblaze/jspm_packages/npm/pug-filters@3.1.1/index.dew.js:8:23)
    at dew (file:///home/vika/Projects/blogblaze/jspm_packages/npm/pug@2.0.4/lib/index.dew.js:40:17)
    at file:///home/vika/Projects/blogblaze/jspm_packages/npm/pug@2.0.4/lib/index.js:2:16
    at ModuleJob.run (internal/modules/esm/module_job.js:95:12)
when using globally-installed jspm 2.0.0-beta7 and trying to use pug via jspm install pug and subsequent import
looks like the dew thing, whatever it is, can't handle dynamically constructed code?
Vika
@kisik21

:point_up: March 27, 2020 5:40 PM

3.0 is a new reframing of the concept, will aim to provide more info soon

i wonder how soon it'll be :3

Guy Bedford
@guybedford
@kisik21 the jspm CLI is not being maintained because there was too little user interest
I'm working every day on 3.0 :)
but don't hold your breath...
mcuking
@mcuking
Hello, anyone know how to fetch npm modules from private npm serview via the jspm.io cdn?
There are some npm modules in our private npm registry, and I want to fetch it from jspm.io. Is it possible?
Guy Bedford
@guybedford
Hi @mcuking yes private npm support isn't provided over the public CDN - you would need to run your own CDN for that
We are looking at providing private versions of the jspm servers for this though
What sort of use case is it for? Public or internal?
mcuking
@mcuking
Thanks for your apply
And do you kown how to transform npm module to the one which can be used in browser? Is there any open source code or article to learn?
AllanAjour
@AllanAjour

Trying "jspm install"

warn Error on download for github:systemjs/plugin-json
Bad response code 401

err Error downloading github:systemjs/plugin-json.

warn Installation changes not saved.

Can some one help please ? ;)

Brandon Wittwer
@brandonwittwer
is there a way to configure JSPM to authenticate to github via an Authorization HTTP header and not the url token. Github is deprecating that authorization method soon