Forum Discussion

Claudius's avatar
6 years ago

2019 Update of Community SDK dependencies

Just trying to get set up with the Community SDK on my Mac (and miserably failing, but that is a different story). When running the 

npm install lithium-sdk -g

command there is a never-ending list of deprecation notices about moved, unmaintained and even unsupported packages, e.g.

 

npm WARN deprecated hawk@1.1.1: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated cryptiles@0.2.2: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated sntp@0.2.4: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated boom@0.4.2: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated hoek@0.9.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).

 

Is there a chance to move the code base to a safer environment by updating to more modern, supported packages any time soon? I am a bit concerned to install all these outdated packages on my work machine. 😱

9 Replies

  • Second this, as a workaround for the short term I use nvm to install Node v8.3.0 on my machines and switch to that version which should run fine.

    It is a bit of a pain though having so much of it dependent on outdated packages, some security risks there.

  • I also agree that is should be updated. This would make things easier if there are issues due to the availability of support for the newer version or modern packages.

    I would think it as a lesser pain for both Khoros Support and us.

  • SamR's avatar
    SamR
    Genius
    6 years ago

    I have no idea what this means but the dev team feel it needs to be looked at. Happy devs, happy life for me.

     

    🙂 🙂

  • Definitely needs some love. 2 releases since December 2017 one of which added a language pack and the other was a bug fix for the first release.

  • luk's avatar
    luk
    Boss
    6 years ago

    That's actually an issue for quite a while, welcome to dependency hell =)!

  • Don't get me wrong, love working with the SDK, it's so much more efficient when it comes to modifying the skin in particular, however it just appears to be an afterthought within the company.

  • AlejandroRF's avatar
    AlejandroRF
    Khoros Alumni (Retired)
    6 years ago

    nvm is a life-saver indeed

    Updating lithium-sdk would affect a lot of users so it needs to be done carefully (and very well tested too) so it does not affect workflows around the world

    I am sure that it will get an update sooner rather than later 👍

  • Inactive User's avatar
    Inactive User
    5 years ago

    Yes, PLEASE FOR THE LOVE OF GOD PLEASE UPDATE THE SDK TO USE A RECENT VERSION OF NODE. It interferes with other things. 

    And it breaks so easily on update.