NPM Vulnerabilities #1

Open
ghost opened this issue Sep 29, 2018 · 5 comments
@ghost

ghost commented Sep 29, 2018

It seems you need to do some updating for this build process. When running `npm install` we get the following vulnerabilities warning:

```
added 1238 packages from 684 contributors and audited 13219 packages in 60.66s
found 15 vulnerabilities (3 low, 6 moderate, 6 high)
```

When running `npm audit fix` we see the result:

```
fixed 0 of 15 vulnerabilities in 13219 scanned packages
10 vulnerabilities required manual review and could not be updated
1 package update for 5 vulns involved breaking changes
```

I would humbly recommend replacing gulp with Laravel Mix. Mix provides all the build tools you need to build a dynamic JS application with very minimal setup.

If I have some time in the upcoming week I might spec this out and submit a pull request, but please look into replacing this. It creates a much more elegant and developer-friendly build environment and can literally be dropped into any project without the need for a declared dist or other build destination.

Thanks as always for all your hard work on this, it's beautiful =)
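Added example (not part of the original issue or of the project's code): one way to break a report like the one above into the three groups that `npm audit fix` describes, namely fixable in range, fixable only with a breaking major bump, and manual review. It assumes the `npm audit --json` layout used by npm 6 (`actions` and `advisories`; later npm versions use a different layout), and the package names, versions and advisory ids in the sample are constructed.

```javascript
// Constructed sample in the npm 6 `npm audit --json` layout (assumption).
// Package names, versions and advisory ids are made up for illustration.
const sampleReport = {
  actions: [
    { action: "update", module: "pkg-a", target: "1.0.4",
      resolves: [{ id: 9001, path: "build-tool>pkg-a", dev: true }] },
    { action: "install", module: "build-tool", target: "4.0.0", isMajor: true,
      resolves: [{ id: 9003, path: "build-tool>pkg-c>pkg-d", dev: true },
                 { id: 9002, path: "build-tool>pkg-b", dev: true }] },
    { action: "review", module: "pkg-e",
      resolves: [{ id: 9004, path: "sass-tool>pkg-e", dev: true },
                 { id: 9004, path: "lint-tool>pkg-e", dev: false }] },
  ],
  advisories: {
    9001: { severity: "low" }, 9002: { severity: "high" },
    9003: { severity: "moderate" }, 9004: { severity: "high" },
  },
};

const SEVERITIES = ["critical", "high", "moderate", "low", "info"];
const rank = (s) => (SEVERITIES.includes(s) ? SEVERITIES.indexOf(s) : SEVERITIES.length);

// Put each vulnerable dependency path into the bucket `npm audit fix` would
// report it in, then order every bucket from most to least severe.
function triageAudit(report) {
  const buckets = { autoFix: [], breaking: [], manual: [] };
  for (const act of report.actions || []) {
    const name = act.action === "review" ? "manual" : act.isMajor ? "breaking" : "autoFix";
    for (const hit of act.resolves || []) {
      const advisory = (report.advisories || {})[hit.id] || {};
      buckets[name].push({
        module: act.module, target: act.target || null,
        path: hit.path,                          // dependency chain to the flaw
        severity: advisory.severity || "unknown",
        devOnly: Boolean(hit.dev),               // build tooling vs shipped code
      });
    }
  }
  for (const list of Object.values(buckets)) list.sort((a, b) => rank(a.severity) - rank(b.severity));
  return buckets;
}

// Findings reachable from non-dev dependencies, across all buckets.
function shippedFindings(buckets) {
  return Object.values(buckets).flat().filter((f) => !f.devOnly);
}
```

Each entry in `resolves` is one vulnerable dependency path, so an advisory reached through two parents is listed twice.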

@extrabright
Contributor

Hi,

Thanks a lot for your message. I understand that. However, this theme is not a Laravel app, so there is no need to use a whole framework just for using the Mix they offer.

On the other hand, NPM will not be the default method for us in the near future. In the next update we will drop npm and use Yarn instead.

But please feel free to send us the specs and we'll take a look. Maybe something good will come out of this :)

extrabright self-assigned this Oct 4, 2018
extrabright added the enhancement label Oct 4, 2018
@ghost
Author

ghost commented Oct 4, 2018

Wow. I'm not even sure where to begin.

Laravel-Mix is a wrapper for webpack. It has no dependency on Laravel and can be used in any application. Maybe you should check it out before you discount it: https://laravel-mix.com

Next ... yarn is a package manager for npm and in reality IS an npm package itself. It doesn't really have anything to do with your app. It's installed globally on a user's computer and then they can manage dependencies using yarn or npm; there's not a lot of difference other than the additional benefits you might get in speed and caching from aliasing yarn.

You can take a look at my argon fork which integrates Mix, Vue and Vuex and I've begun to build out all the example pages into dedicated Vue components.

@ghost
Author

ghost commented Oct 4, 2018

I jumped the gun. I haven't pushed any of the Vue setup yet, my bad.

@extrabright
Contributor

It sounds really good. I will play a bit with Laravel Mix and see how it goes :)

@ghost
Author

ghost commented Oct 5, 2018

@extrabright

The full Vue SPA version is available on my fork. Check the readme for install instructions. I still need to work in the tabs for the dashboard sales chart; any help would be appreciated.
