在Github上处理“消失的” nodejs包

时间:2018-12-12 13:49:32

标签: npm

TL;DR

一般而言,当Github上的Javascript依赖项消失时,开发人员/DevOps应该采取什么措施来防止npm构建失败?软件包维护者为什么要从Npm删除已打标签的工件?

以下是一个示例

 [exec] Downloading binary from https://github.com/sass/node-sass/releases/download/v4.9.3/win32-x64-67_binding.node
 [exec] Cannot download "https://github.com/sass/node-sass/releases/download/v4.9.3/win32-x64-67_binding.node":
 [exec]
 [exec] HTTP error 404 Not Found

我是从以下角度提出这个问题的:1)迫切需要发布依赖于npm软件包的软件;2)每当更改/更新Javascript依赖项时,都需要重新运行手动质量检查。

发生这些问题时,我知道我必须升级依赖项。我只是想知道如何避免被这些问题阻塞并被迫升级,尤其是当我必须完成紧急发布时。

长版

我们软件的构建过程除其他步骤外,还包含gulp构建任务。很久以前,我们唯一的Javascript开发专家编写了这些构建脚本。他最近离职了,所以现在只剩下我来接手这些我能应付但并不精通的东西。

一段时间前,我们就遇到过上述问题,还在另一个我已不记得名字的软件包上遇到过同样的问题。请注意,我们没有正确地维护Javascript依赖项。我们的package.json已经一年没有更新(在评论安全性之前请阅读约束#2),然后有一天,当我们需要发布一个影响生产客户的错误修正版本时,Gulp突然停止工作,我无法完成构建。

由于我们使用的软件包显然已经过时,我花了半天的时间来修复依赖关系。

我的问题是我有以下约束条件:1)根据管理政策,不允许使用通配符依赖版本来构建我们的软件,只能使用固定的依赖版本;2)我们的客户提供的资金不足以让我们持续维护这些脆弱的依赖关系;他们可以接受运行遗留依赖项。

我选择将时间的前半小时用于研究并在这里询问。

我们的package.json文件为:

{
  "name": "Phoenix3",
  "version": "0.0.2",
  "config": {
    "unsafe-perm": true
  },
  "dependencies": {
    "font-awesome": "4.7.0",
    "@flowjs/flow.js": "2.13.0",
    "@flowjs/ng-flow": "2.7.8",
    "angular": "1.7.2",
    "angular-animate": "1.7.2",
    "angular-aria": "1.7.4",
    "angular-chart.js": "1.1.1",
    "angular-cookies": "1.7.2",
    "angular-fancybox-plus": "1.0.3",
    "angular-i18n": "1.7.2",
    "angular-material": "1.1.10",
    "angular-messages": "1.7.2",
    "angular-resource": "1.7.2",
    "angular-sanitize": "1.7.2",
    "angular-smart-table": "2.1.11",
    "angular-timeago": "0.4.6",
    "angular-timer": "1.3.5",
    "angular-touch": "1.7.2",
    "angular-ui-bootstrap": "2.5.6",
    "angular-ui-codemirror": "0.3.0",
    "angular-ui-mask": "1.8.7",
    "angular-ui-tree": "2.22.6",
    "angular-ui-utils": "0.1.1",
    "angularjs-toaster": "2.2.0",
    "bootstrap": "3.3.7",
    "bootstrap-sass": "3.3.7",
    "chart.js": "2.7.2",
    "checklist-model": "1.0.0",
    "codemirror": "5.32.0",
    "file-saver": "1.3.3",
    "humanize-duration": "3.15.1",
    "jquery": "3.3.1",
    "jquery-fancybox": "3.1.0",
    "jquery-ui": "1.12.1",
    "jquery.browser": "0.1.0",
    "lr-sticky-header": "1.1.0",
    "matchmedia-polyfill": "0.3.0",
    "ng-tags-input": "3.2.0",
    "ngstorage": "0.3.11",
    "node-sass": "4.9.3",
    "npm-font-source-sans-pro": "0.0.3",
    "pivottable": "2.1.0",
    "screenfull": "3.0.2",
    "simple-line-icons": "2.4.1",
    "ui-select": "0.19.8",
    "underscore": "1.8.3"
  },
  "devDependencies": {
    "@babel/core": "7.1.0",
    "ajv": "6.5.3",
    "ajv-keywords": "3.2.0",
    "autoprefixer": "6.2.3",
    "babel-loader": "8.0.2",
    "babel-preset-es2015-without-strict": "0.0.2",
    "bless-webpack-plugin": "1.0.0",
    "bower-webpack-plugin": "0.1.9",
    "clean-webpack-plugin": "0.1.9",
    "css-loader": "0.23.1",
    "del": "2.1.0",
    "exports-loader": "0.6.2",
    "expose-loader": "0.7.1",
    "extract-text-webpack-plugin": "3.0.2",
    "file-loader": "0.8.5",
    "gulp": "4.0.0",
    "gulp-bless": "3.0.1",
    "gulp-concat": "2.6.0",
    "gulp-copy": "4.0.0",
    "gulp-data": "1.2.0",
    "gulp-eslint": "5.0.0",
    "gulp-flatten": "0.4.0",
    "gulp-footer": "1.0.5",
    "gulp-git": "1.11.3",
    "gulp-header": "1.7.1",
    "gulp-if": "2.0.0",
    "gulp-inject": "3.0.0",
    "gulp-jscs": "4.1.0",
    "gulp-jshint": "2.1.0",
    "gulp-minify-css": "1.2.1",
    "gulp-ng-annotate": "1.1.0",
    "gulp-ngdocs": "0.3.0",
    "gulp-protractor": "4.1.0",
    "gulp-rename": "1.2.2",
    "gulp-sass": "4.0.1",
    "gulp-strip-debug": "1.1.0",
    "gulp-template": "5.0.0",
    "gulp-uglify": "1.5.1",
    "gulp-util": "3.0.7",
    "html-webpack-plugin": "3.2.0",
    "import-glob-loader": "1.1.0",
    "imports-loader": "0.6.5",
    "istanbul-instrumenter-loader": "3.0.1",
    "jshint": "2.9.6",
    "merge-stream": "1.0.1",
    "minimatch": "3.0.4",
    "moment": "2.22.2",
    "null-loader": "0.1.1",
    "phantomjs": "2.1",
    "postcss-loader": "0.8.0",
    "protractor": "5.4.1",
    "raw-loader": "0.5.1",
    "resolve-url-loader": "1.4.3",
    "run-sequence": "1.1.5",
    "sass-loader": "7.1.0",
    "style-loader": "0.13.0",
    "ts-helpers": "1.1.1",
    "ts-loader": "0.8.2",
    "ts-node": "0.7.1",
    "tslint": "3.7.1",
    "tslint-loader": "2.1.3",
    "typedoc": "0.12.0",
    "typescript": "1.8.10",
    "url-loader": "1.1.1",
    "webpack": "4.19.1",
    "webpack-dev-server": "3.1.8"
  },
  "scripts": {
    "tslint": "tslint",
    "typedoc": "typedoc",
    "typings": "typings",
    "pnxdev": "gulp dev",
    "pnxprod": "gulp prod",
    "pnxdoc": "gulp doc",
    "pnxinstall": "npm --cache-min 9999999 install ",
    "pnxwatch": "gulp watch",
    "test": "gulp webdriver_update && gulp test",
    "webpack-dev": "npm install && gulp webdriver_update && ./node_modules/.bin/webpack",
    "webpack-prod": "npm install && gulp webdriver_update && NODE_ENV=production ./node_modules/.bin/webpack",
    "webpack-start": "./node_modules/.bin/webpack-dev-server"
  }
}

所以直到上周一切都很好,而今天node-sass版本4.9.3不再存在于GitHub上(really?),或者至少根据我上面贴出的日志,它已无法下载。

问题是

为什么工件在发布之后会从Github上消失?

我习惯于Maven和NuGet保留工件的永久历史。我们公司使用Artifactory服务器缓存Java资源,但是我们还没有购买Artifactory Pro来永久存储Npm资源

在不切换到通配符版本的前提下,考虑到构建中断必然会打乱发布计划,开发人员/DevOps可以做些什么来防止将来再发生这类问题?

0 个答案:

没有答案