ariaminaei / renderkid Goto Github PK
View Code? Open in Web Editor NEWStylish console.log for node
License: MIT License
Stylish console.log for node
License: MIT License
We're doing legal and security audits of our dependencies and so far one of the most problematic parts is the css-select
project and its dependencies. See following issues:
In many cases, there is no response from @fb55 for a long time and the issues are quite important as technically, legally, nobody should be really using packages distributed without explicit license. A code without license is to be considered proprietary by default and using such code could be easily classified as theft. This makes it problematic to use RenderKid
in any company or by any individual who actually cares about licensing.
Moreover, the css-select
project seems to be more or less abandoned. It seems to me @fb55's dependencies and the css-select
project act as a single point of failure in your project. Even if you don't care about licensing, it's apparently naive to expect the dependencies will ever get updated, bugs fixed, etc.
jonschlinkert/window-size#4
https://nodejs.org/api/tty.html#tty_ws_columns
https://github.com/AriaMinaei/RenderKid/blob/master/src/tools.coffee#L75-L76
cols =
# ...
else if process.stdout.columns and process.stdout.rows
process.stdout.rows
just saw this through your pretty-error module, you might be interested in https://github.com/visionmedia/node-term-css it seems like a similar use-case
Hello,
we are trying to fix the licensing issues in our dependencies.
Could you please bump version of utila dependency to at least 0.4.0? The 0.4.0 version is adding LICENSE file to the package.
Also can you please also bump the utila version in archived https://github.com/AriaMinaei/dom-converter, do the new release and use it here? I see that you are the maintainer, and as long the repo is archived I cannot add issues or PR there.
Thanks a lot.
Hey there!
I'd like to report a security issue but cannot find contact instructions on your repository.
If not a hassle, might you kindly add a SECURITY.md
file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
[webpack-cli] Error [ERR_REQUIRE_ESM]: require() of ES Module C:\Documents\GitHub\my-vue-router-project\node_modules\strip-ansi\index.js from C:\Documents\GitHub\my-vue-router-project\node_modules\renderkid\lib\RenderKid.js not supported. Instead change the require of index.js in C:\Documents\GitHub\my-vue-router-project\node_modules\renderkid\lib\RenderKid.js to a dynamic import() which is available in all CommonJS modules. at require (C:\Documents\GitHub\my-vue-router-project\node_modules\v8-compile-cache\v8-compile-cache.js:159:20) at Object. (C:\Documents\GitHub\my-vue-router-project\node_modules\renderkid\lib\RenderKid.js:22:13) at Module._compile (C:\Documents\GitHub\my-vue-router-project\node_modules\v8-compile-cache\v8-compile-cache.js:192:30) at require (C:\Documents\GitHub\my-vue-router-project\node_modules\v8-compile-cache\v8-compile-cache.js:159:20) at Object. (C:\Documents\GitHub\my-vue-router-project\node_modules\pretty-error\lib\PrettyError.js:14:13) at Module._compile (C:\Documents\GitHub\my-vue-router-project\node_modules\v8-compile-cache\v8-compile-cache.js:192:30) at require (C:\Documents\GitHub\my-vue-router-project\node_modules\v8-compile-cache\v8-compile-cache.js:159:20) at Object. (C:\Documents\GitHub\my-vue-router-project\node_modules@masx200\webpack-react-vue-spa-awesome-config\node_modules\html-webpack-plugin\lib\errors.js:3:21) at Module._compile (C:\Documents\GitHub\my-vue-router-project\node_modules\v8-compile-cache\v8-compile-cache.js:192:30) at require (C:\Documents\GitHub\my-vue-router-project\node_modules\v8-compile-cache\v8-compile-cache.js:159:20) at Object. (C:\Documents\GitHub\my-vue-router-project\node_modules@masx200\webpack-react-vue-spa-awesome-config\node_modules\html-webpack-plugin\index.js:21:21) at Module._compile (C:\Documents\GitHub\my-vue-router-project\node_modules\v8-compile-cache\v8-compile-cache.js:192:30) at require (C:\Documents\GitHub\my-vue-router-project\node_modules\v8-compile-cache\v8-compile-cache.js:159:20) at exports.createconfig (C:\Documents\GitHub\my-vue-router-project\node_modules@masx200\webpack-react-vue-spa-awesome-config\bin\config.js:72:374) at module.exports (C:\Documents\GitHub\my-vue-router-project\webpack.config.js:7:20) at WebpackCLI.loadConfig (C:\Documents\GitHub\my-vue-router-project\node_modules\webpack-cli\lib\webpack-cli.js:1589:33) at async Promise.all (index 0) at async WebpackCLI.resolveConfig (C:\Documents\GitHub\my-vue-router-project\node_modules\webpack-cli\lib\webpack-cli.js:1608:35) at async WebpackCLI.createCompiler (C:\Documents\GitHub\my-vue-router-project\node_modules\webpack-cli\lib\webpack-cli.js:2085:22) at async WebpackCLI.runWebpack (C:\Documents\GitHub\my-vue-router-project\node_modules\webpack-cli\lib\webpack-cli.js:2213:20) at async Command. (C:\Documents\GitHub\my-vue-router-project\node_modules\webpack-cli\lib\webpack-cli.js:850:25) at async Promise.all (index 1) at async Command. (C:\Documents\GitHub\my-vue-router-project\node_modules\webpack-cli\lib\webpack-cli.js:1516:13) { code: 'ERR_REQUIRE_ESM' }
How to print pretty JSON.stringify(obj, null,2) between block
on multiple lines it all gets squashed to one line?I'm migrating my app from Node 14 to Node 16 and this errors now appears.
[webpack-cli] Failed to load '/app/webpack.config.js' config
[webpack-cli] TypeError: Cannot read properties of undefined (reading 'Descendant')
at Object. (/app/node_modules/renderkid/node_modules/css-select/lib/compile.js:36:56)
at Module._compile (node:internal/modules/cjs/loader:1101:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
at Module.load (node:internal/modules/cjs/loader:981:32)
at Function.Module._load (node:internal/modules/cjs/loader:822:12)
at Module.require (node:internal/modules/cjs/loader:1005:19)
at require (node:internal/modules/cjs/helpers:102:18)
at Object. (/app/node_modules/renderkid/node_modules/css-select/lib/index.js:29:17)
at Module._compile (node:internal/modules/cjs/loader:1101:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:11[53]
I'm using this module on my app: html-webpack-plugin
that has this dependency:
[email protected]
└─┬ [email protected]
└─┬ [email protected]
└── [email protected]
I believe renderkid
is still using an older version of css-select
4.3.0 that is not compatible with Node 16. There is a newer version of css-select 5.1.0 that is now updated and in TS that probably works with Node 16. Could you update renderkid
to use this new version os css-select
, please?
Thank you.
The package currently depends on version 2 of css-select. The latest version is version 4.
And the snyk vulnerability database reports a ReDoS vulnerability in css-what (dependency of css-select), that has been patched in the latest version, but still affects codebases using renderkid due to using an older version (see https://app.snyk.io/vuln/SNYK-JS-CSSWHAT-1298035). I don't know whether that vulnerability affects the usage done in renderkid, but tools checking dependencies against a vulnerability database still report it anyway.
It would be great if css-select could be updated to the latest version.
Reference to AriaMinaei/pretty-error#14.
Hi,
I am running into a strange error all of a sudden through my docker image that's using th 14-alpine image. It might have something to do with the version of domutils in renderkid? However I don't know which package is using renderkid. Does anyone know how to find all the packages that are using renderkid? Thanks in advance.
UnhandledPromiseRejectionWarning: TypeError: ext[key].bind is not a function
clientv1_1 | at /home/node/node_modules/renderkid/node_modules/domutils/index.js:12:28
clientv1_1 | at Array.forEach ()
clientv1_1 | at /home/node/node_modules/renderkid/node_modules/domutils/index.js:11:19
Here are the dependencies in my package.json. Does anyone
"dependencies": {
"@antv/data-set": "^0.11.4",
"@craco/craco": "^5.6.4",
"@ethersproject/shims": "^5.1.0",
"@material-ui/core": "^4.10.0",
"@material-ui/icons": "^4.9.1",
"@material-ui/pickers": "^3.2.10",
"@metamask/detect-provider": "^1.2.0",
"@stripe/react-stripe-js": "1.2.0",
"@stripe/stripe-js": "1.11.0",
"axios": "^0.19.2",
"bizcharts": "^4.0.3",
"chartist": "^0.10.1",
"cookie-parser": "^1.4.5",
"crypto-js": "^4.0.0",
"env-cmd": "10.1.0",
"ethers": "^5.1.4",
"history": "^4.9.0",
"libsodium-wrappers": "0.7.8",
"lodash": "^4.17.15",
"material-ui-confirm": "^2.1.1",
"perfect-scrollbar": "^1.4.0",
"qs": "^6.9.4",
"react": "^16.13.1",
"react-bootstrap-sweetalert": "^5.1.9",
"react-chartist": "0.14.3",
"react-csv": "^2.0.1",
"react-dom": "^16.13.1",
"react-dropzone": "^11.0.1",
"react-papaparse": "3.8.0",
"react-redux": "^7.0.2",
"react-router-dom": "^5.2.0",
"react-scripts": "3.4.1",
"react-select": "^3.0.8",
"react-star-rating-component": "^1.4.1",
"react-swipeable-views": "^0.13.9",
"react-virtualized": "9.22.2",
"redux": "^4.0.5",
"redux-thunk": "^2.3.0",
"shuffle-seed": "^1.1.6"
},
"devDependencies": {
"node-sass": "^4.14.1",
"nodemon": "2.0.4",
"prop-types": "^15.7.2",
"redux-devtools-extension": "^2.13.8",
"@testing-library/dom": "7.5.7",
"@testing-library/jest-dom": "^4.2.4",
"@testing-library/react": "^9.3.2",
"@testing-library/user-event": "^7.1.2"
},
Hi @AriaMinaei
I noticed the recent version bump from v2.0.5 -> v2.0.6 included changes that seem pretty substantial. Specifically, I'm looking at 4a7e401 & fa6ecbd
These changes include a lot of major version updates of a bunch of packages:
I'm currently using html-webpack-plugin which has the dependency pretty-error ^2.0.2
which has the dependency renderkid ^2.0.4
due to the use of ^
in the version it is pulling in v2.0.6 which has completely broke this project.
Would it be possible to change the version to be a major version bump since all of the updates that you changed are also major version bumps? so the new version would be v3.0.0 instead of v2.0.6.
Here in the code, the terminal width is defaulted to 80 for non-TTY terminals:
Line 83 in e8c9744
This is causing lines to be cut when using in a context where Node is run using terminal redirection (WebStorm run console, AWS CloudWatch logs, ...)
Would it be possible to introduce an environment variable or a way to change this default value? If yes, I can open a pull-request for that.
Environment variable could be something like RENDERKID_DEFAULT_TERMINAL_WIDTH.
Dependency Hierarchy:
-> html-webpack-plugin-5.3.2.tgz (Root Library)
-> pretty-error-3.0.4.tgz
-> renderkid-2.0.7.tgz
-> strip-ansi-3.0.1.tgz
-> ❌ ansi-regex-2.1.1.tgz (Vulnerable Library)
Suggested fix: Upgrade to version: ansi-regex - 5.0.1,6.0.1
Please help to upgrade the dependency version of strip-ansi to a newer version
The NPM package still installs the old joiful-experiments
dependency.
This causes problems when Node is above v0.10.x because joiful-experiments
uses the deprecated sys
module instead of the util
module.
For now, I will change the dependency in package.json
to AriaMinaei/RenderKid
but it would be nice to keep the NPM package up-to-date so I can just use renderkid
.
Thanks!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.