[#21295] - npm install
- Closed
- 29 Jul 2018
- Medium
- Build: staging
- # 21295
After waiting 30 minutes for npm install to complete (most of it without any progress indicator) I am left with the following message
found 26 vulnerabilities (10 low, 15 moderate, 1 high) in 8425 scanned packages
run `npm audit fix` to fix 16 of them.
10 vulnerabilities require manual review. See the full report for details.
Is that correct? It doesn't look good
joomla-cms-bot
- | Labels |
Added:
?
|
||
Composer was fast but npm took far too long. :(
franz-wohlkoenig
- | Status | New | ⇒ | Discussion |
| Category | ⇒ | Unit Tests |
| Category | Unit Tests | ⇒ | Repository Unit Tests |
I think the vulnerabilities are gone now since Dimitris did a PR to update the packages to its newer versions. Not sure thought.
NPM took around 5 minutes on my server, 30 minutes sure sounds like a lot, but I'm sure that depends a lot on the enviroment and internet speed. Personally, I already find 5 minutes way to long.
To be clear it was not the download speed but the time taken for the build scripts to complete. Especially as there is no progress indicator and you might think it had simply crashed
I already find 5 minutes way too long.
I'm sorry for this, the problem right now is that we have mixed es5/es6 files and we have to:
- transpile the es6-> es5 (minified files generated here)
- minify the js files, oops this will also redo the minification part already done in the transpiling part
- the script wrongly minifies ALL the js in the media folder (even vendor) that's why is sooooo slow
Oh thats strange, it takes long but 30 minutes. I have seen that it takes some time in our CI setup 90 sec. IIRC, seems that is something we need to look at
Trying again without any change - everything works well until it gets to
node build.js --compilejs && node build.js --compilecss && node build.js --compilecejs
that's where is just sits for a very long time without any indicator of activity
it does seem to be working faster now - about 3-4 minutes - weird
Still wish there was a progress bar on that last stage
or maybe it can be broken up into three individual tasks and not a single combined one - at least that would give more frequent feedback
| Status | Discussion | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-07-29 17:25:52 |
| Closed_By | ⇒ | brianteeman |
Not that this will help you but for me composer install and npm install takes 3.5 minutes total.
I have reviewed the vulnerabilities, all of them are used from our dev tools sass and karma so I would say you can savely ignore the messages. But we should look that we don't get "vulnerabilities" messages because it will make people confused. The downside of node is that you end up quickly in using thousands packages (we already at 8400) even if you do simple tasks.