kglazko/npm_Checklist

Audit npm dependencies

Opened this issue · 4 comments

pdehaan commented

Lets make sure that all the modules in package.json are used/listed...
And when you do an npm install {{module}} make sure you specify the -S or -D flags so the modules get added to the package.json file as dependencies or devDependencies respectively. That way we can guarantee that a person can just do a git clone {{repo}} and npm install and everything will be installed automatically.

pdehaan commented

Current status:

$ git clone git@github.com:yglazko/npm_Checklist.git
$ cd npm_Checklist
$ rm -rf node_modules
$ npm i
$ node app

module.js:340
    throw err;
          ^
Error: Cannot find module 'nano'
    at Function.Module._resolveFilename (module.js:338:15)
    at Function.Module._load (module.js:280:25)
    at Module.require (module.js:364:17)
    at require (module.js:380:17)
    at Object.<anonymous> (/Users/pdehaan/dev/tmp/npm_Checklist/app.js:10:12)
    at Module._compile (module.js:456:26)
    at Object.Module._extensions..js (module.js:474:10)
    at Module.load (module.js:356:32)
    at Function.Module._load (module.js:312:12)
    at Function.Module.runMain (module.js:497:10)
pdehaan commented

OK, I manually installed nano and added it to my package.json file, but I'm getting errors when trying to start up the server locally:

$ node app

/Users/pdehaan/dev/tmp/npm_Checklist/app.js:21
app.configure(function(){
    ^
TypeError: Object function (req, res, next) {
    app.handle(req, res, next);
  } has no method 'configure'
    at Object.<anonymous> (/Users/pdehaan/dev/tmp/npm_Checklist/app.js:21:5)
    at Module._compile (module.js:456:26)
    at Object.Module._extensions..js (module.js:474:10)
    at Module.load (module.js:356:32)
    at Function.Module._load (module.js:312:12)
    at Function.Module.runMain (module.js:497:10)
    at startup (node.js:119:16)
    at node.js:929:3

$ npm outdated --depth 0
$ npm ls --depth 0
browserid-cookbook-express@0.0.0 /Users/pdehaan/dev/tmp/npm_Checklist
├── browserid-verify@0.1.2
├── express@4.13.0
├── jade@1.11.0
└── nano@6.1.4
pdehaan commented

Ah, OK, it looks like the hack-n-slash version of express that you checked in to /node_modules/ is
express@3.2.6 but if I rm -rf the node_modules directory and reinstall from the package.json (via npm i) is express@4.13.x which has an incompatible API.

$ ./node_modules/.bin/express --version
3.2.6

versus package.json:

  "dependencies": {
    "express": "4.13.x",
    "jade": "1.11.x",
    "browserid-verify": "0.1.x"
  },

You gonna need to decide if you want to update the app to use the latest version of express, or downgrade your package.json to use express@3.

pdehaan commented

Fixed in #13