npm audit fix breaks build #241

Open
notramo opened this issue Nov 30, 2022 · 1 comment

notramo commented Nov 30, 2022

A security fix breaks the build of the site.

  1. Generate a package lock file by installing a library, e.g. stylus, or just generate it without installing any package: `npm i --package-lock-only`
     npm will warn you about a security vulnerability found in Svelte.
  2. Run `npm audit fix`
  3. The build fails without explanation. The fix is a minor semver bump, so it shouldn't cause breaking changes.

The error message is nonsense, and even worse, the failed build is served by `plenti serve`, so it's harder to notice.
I have spent at least an hour debugging it, because I noticed it too late, after I had modified a bigger amount of code. I couldn't find it with `git bisect`, because I didn't reinstall the dependencies.

@jimafisk
Member

Thanks for flagging this @notramo. Unfortunately upgrading Svelte manually breaks Plenti. This is a known issue:

The next big phase for Plenti is improving the compilation step; currently there is much to be desired there.
