tborychowski / courier Goto Github PK
View Code? Open in Web Editor NEWa self-hosted parcel tracker
License: GNU General Public License v3.0
a self-hosted parcel tracker
License: GNU General Public License v3.0
Hello,
The image on Docker Hub only supports amd64
when the base image (alpine
) also supports arm/v6
and arm/v7
, which would allow users to user courier on Raspberry Pies and similar ARM-based SBCs.
See
Hello,
I just deployed courier 0.0.9 and I encounter the following problems/errors:
/api/trackings
returns an HTTP 500 error with {"code":500,"msg":"Internal server error."}
as the response[09:03:59] [info] --- STARTING -----------------------------------------------------
[09:03:59] [info] Server started: http://localhost:3000
[09:15:56] [info] Caching response for: /trackings?pageId=1&limit=100
[09:15:56] [error] Internal server error.
[09:15:57] [info] Caching response for: /couriers/list
node:fs:585
handleErrorFromBinding(ctx);
^
Error: ENOENT: no such file or directory, open '/app/server/cache/couriers-list.json'
at Object.openSync (node:fs:585:3)
at Object.writeFileSync (node:fs:2153:35)
at Object.writeFileSync (/app/node_modules/jsonfile/index.js:78:13)
at setCache (/app/server/lib/request.js:22:5)
at /app/server/lib/request.js:55:4
at processTicksAndRejections (node:internal/process/task_queues:96:5) {
errno: -2,
syscall: 'open',
code: 'ENOENT',
path: '/app/server/cache/couriers-list.json'
}
Node.js v17.2.0
[09:15:59] [info] --- STARTING -----------------------------------------------------
[09:15:59] [info] Server started: http://localhost:3000
The current "latest" container on Docker Hub targets arm64 instead of amd64, which seems to be a change from previous images.
I'm guessing this was done by mistake, but if ARM is the preferred platform going forward, a "latest-amd" tag for the equivalent version targeting x86_64 would be much appreciated.
The Expected field is off by a day on all of my deliveries.
You can see in the network response that "expected_delivery" for the "Rift S" tracking is "2021-05-17", but Courier displays "Expected" as "Sun May 16 2021".
I suspect this has something to do with the Javascript Date object converting between UTC and local time.
Hello,
Due to the lack of multi-arch image on Docker Hub (see #3), I tried building the image myself on my ARM-based SBC and encountered the following error:
sudo docker build https://github.com/tborychowski/courier.git -t tborychowski/courier:0.0.9-arm
Sending build context to Docker daemon 769.5kB
Step 1/9 : FROM node:alpine
alpine: Pulling from library/node
be307f383ecc: Pull complete
1822d4fff1a7: Pull complete
a1faa0e8c7a6: Pull complete
45097cae72dc: Pull complete
Digest: sha256:e64dc950217610c86f29aef803b123e1b6a4a372d6fa4bcf71f9ddcbd39eba5c
Status: Downloaded newer image for node:alpine
---> 931d0903ad7e
Step 2/9 : RUN apk --no-cache add curl
---> Running in 96ae3401c6b8
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/aarch64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/aarch64/APKINDEX.tar.gz
(1/5) Installing ca-certificates (20191127-r5)
(2/5) Installing brotli-libs (1.0.9-r5)
(3/5) Installing nghttp2-libs (1.43.0-r0)
(4/5) Installing libcurl (7.79.1-r0)
(5/5) Installing curl (7.79.1-r0)
Executing busybox-1.33.1-r6.trigger
Executing ca-certificates-20191127-r5.trigger
OK: 9 MiB in 21 packages
Removing intermediate container 96ae3401c6b8
---> 6ebbd8dd18d4
Step 3/9 : EXPOSE 3000
---> Running in 26f18f4dfc8c
Removing intermediate container 26f18f4dfc8c
---> 2571d94fe69f
Step 4/9 : WORKDIR /app
---> Running in 141259bd01e6
Removing intermediate container 141259bd01e6
---> ef252dbf269a
Step 5/9 : COPY *.* ./
---> 4f09ae8f54f5
Step 6/9 : RUN npm ci --only=production
---> Running in 685af1a80aaa
npm WARN old lockfile
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile
npm WARN deprecated [email protected]: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410
added 94 packages, and audited 95 packages in 35s
1 package is looking for funding
run `npm fund` for details
2 vulnerabilities (1 moderate, 1 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
npm notice
npm notice New minor version of npm available! 8.1.4 -> 8.3.0
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v8.3.0>
npm notice Run `npm install -g [email protected]` to update!
npm notice
Removing intermediate container 685af1a80aaa
---> 7aff909f1c76
Step 7/9 : COPY public ./public
COPY failed: file not found in build context or excluded by .dockerignore: stat public: file does not exist
Not sure what info I can give you to help troubleshooting the issue.
The Docker build does not work and assumes app build is done locally. This should be done in the Docker build stage as well. This will allow users to easily build the project as well as enable automatic builds in Docker Hub or GitHub Actions & GHCR.
There are a number of Vulnerabilities and deprecated packages being reported during the npm build. Enabling DependaBot on this repo would help automate these.
12 vulnerabilities (4 moderate, 7 high, 1 critical)
# npm audit
# npm audit report
axios 0.8.1 - 1.5.1
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/axios
glob-parent <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/chokidar/node_modules/glob-parent
node_modules/glob-stream/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/chokidar
glob-watcher 3.0.0 - 5.0.5
Depends on vulnerable versions of chokidar
node_modules/glob-watcher
glob-stream 5.3.0 - 6.1.0
Depends on vulnerable versions of glob-parent
node_modules/glob-stream
vinyl-fs 2.4.2 - 3.0.3
Depends on vulnerable versions of glob-stream
node_modules/vinyl-fs
gulp >=4.0.0
Depends on vulnerable versions of glob-watcher
Depends on vulnerable versions of vinyl-fs
node_modules/gulp
gulp-nodemon >=2.4.1
Depends on vulnerable versions of gulp
node_modules/gulp-nodemon
semver 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/simple-update-notifier/node_modules/semver
simple-update-notifier 1.0.7 - 1.1.0
Depends on vulnerable versions of semver
node_modules/simple-update-notifier
nodemon 2.0.19 - 2.0.22
Depends on vulnerable versions of simple-update-notifier
node_modules/nodemon
simple-git <=3.15.1
Severity: critical
Command injection in simple-git - https://github.com/advisories/GHSA-3f95-r44v-8mrg
Remote code execution in simple-git - https://github.com/advisories/GHSA-9w5j-4mwv-2wj8
Command injection in simple-git - https://github.com/advisories/GHSA-28xr-mwxg-3qc8
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol - https://github.com/advisories/GHSA-9p95-fxvg-qgq2
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.