Comments (11)
Ok, so my new approach worked (generate parse necessary info on the fly).
I will be able to change the code in a way so that it will require a static amount of RAM and Node will not go crazy. Give me some time and I will push a new version. ;)
p.s. low: 7368, moderate: 171, high: 9558, critical: 0
OMG :D
from yarn-audit-html.
Thanks for the quick fix. This works really well. I'm fine with the time it takes to run. It works and that's the main thing.
I tested with Git Bash, Command Prompt and PowerShell. The first two worked fine, but PowerShell still failed with the same error as before. It's ok, though. I was just going through the options in Visual Studio Code, and I can always use the other two.
Thanks again!
from yarn-audit-html.
Hey @kenlyon,
Thanks for reaching out.
O wow, 15.9GB. ok. :/ hmmm :D
I personally haven't experienced this problem, but I had a big audit result which was resulting in a similar issue. I say similar because the solution might be the same.
I wonder if reading from the file as a stream will help. As the audit JSON is of JSONL type, I think it will be possible to read and generate the result on the fly instead of reading everything and then having it output.
I will also try to take a look at encoding problem. :/ Although I don't use Windows. So I will appreciate help very much with this one.
Is there a way so that you can share your audit file somehow?
from yarn-audit-html.
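The streaming idea suggested in the comment above, as an added example that is not part of the thread or of yarn-audit-html's own code: it tallies `yarn audit --json` output line by line and keeps only the unfinished line between chunks. The names `createAuditTally` and `tallyStream` are hypothetical, and the record shape is the Yarn v1 `auditAdvisory` layout, taken here as an assumption.

```javascript
// Added example. Assumed record: {"type":"auditAdvisory","data":{"advisory":{"id":..,"severity":..}}}
function createAuditTally() {
  const counts = { info: 0, low: 0, moderate: 0, high: 0, critical: 0 };
  const seen = new Set();   // distinct advisory ids (small compared to the record count)
  let tail = '';            // unfinished line carried over between chunks
  let skipped = 0;          // lines that were not valid JSON
  function handleLine(line) {
    const text = line.trim();             // also drops the \r of CRLF files
    if (text === '') return;
    let record;
    try {
      record = JSON.parse(text);
    } catch (err) {
      skipped += 1;                       // one bad line must not abort the report
      return;
    }
    if (!record || record.type !== 'auditAdvisory') return;
    const advisory = record.data && record.data.advisory;
    if (!advisory || !Object.prototype.hasOwnProperty.call(counts, advisory.severity)) return;
    counts[advisory.severity] += 1;
    seen.add(advisory.id);
  }

  return {
    // Feed one chunk of text; only the trailing partial line is retained.
    push(chunk) {
      const lines = (tail + chunk).split('\n');
      tail = lines.pop();
      lines.forEach(handleLine);
    },
    // Flush the last line (the file may not end with a newline).
    end() {
      handleLine(tail);
      return { counts, distinct: seen.size, skipped };
    },
  };
}

// Wire the tally to any Node.js Readable, e.g. tallyStream(process.stdin).then(console.log)
function tallyStream(stream) {
  return new Promise((resolve, reject) => {
    const tally = createAuditTally();
    stream.setEncoding('utf8');
    stream.on('data', (chunk) => tally.push(chunk));
    stream.on('end', () => resolve(tally.end()));
    stream.on('error', reject);
  });
}
```

Memory use depends on the longest single line and the number of distinct advisories, not on the size of the audit file.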
On a second glance. :/ This might be a different issue, as index.js#59 is in a readable stream (as far as I understand). So having an example file will help a lot to debug.
I suppose one of the easiest ways to pass me logs will be if I generate logs with your package.json (the only interesting parts are dependency-related fields) and yarn.lock. So if you can (legally) pass me those files and your Node and yarn versions, that would be awesome.
from yarn-audit-html.
@davityavryan I have the file ready for you. (Zipped down to a much more manageable 477 MB.) I'd prefer not to share it publicly, though. What would be the best way to send you the download link? I didn't see an email address or anything in your profile and I don't know if we can send a direct message here.
from yarn-audit-html.
Hey @kenlyon, you can try to join https://gitter.im/yarn-audit-html where you can write me a personal message. ;)
Let me know if you have any problems.
from yarn-audit-html.
@davityavryan Yes it's fair to say I'm a bit overdue on the audit - hence the need for a convenient tool to show it as HTML. :) You can't leave these package lock files untouched for too long or the world leaves you behind.
from yarn-audit-html.
> You can't leave these package lock files untouched for too long or the world leaves you behind.
Yeap, yeap. That's the reason I introduced this tool.
Personally I am upgrading devDependencies in my packages once a month and non-dev-dependencies once in two months (to just not introduce many breaking changes (sometimes you can miss any specific migration point, or make a mistake)).
I guess in your case (so far that I saw), the solution will be to upgrade the react-scripts package, but personally I am not using it for a long time. I use esbuild which is 100+ times faster. If you don't want to handle manual configuration though, you can use webpack + esbuild. Give a try with this example, this is my other package's documentation builder. I am sure you would appreciate the speed improvement.
I will try to fix the problem in this package for use-cases like this of course. It's just you still need to upgrade anyway.
from yarn-audit-html.
Also you can do
yarn upgrade-interactive
which will show you "safe" to upgrade (minor or patch) versions of packages, which in theory will not introduce any breaking changes.
yarn upgrade-interactive --latest
will show you with breaking changes. But I would do this one separately.
And if you will run yarn-deduplicate package after your upgrades, you will also eliminate all duplicated dependencies. (yarn does deduplication, but it is not 100% good one). This will also speed up install of packages and you will have less vulnerabilities and less packages to maintain.
Remember less packages --> less vulnerabilities ;)
p.s. I am working on a tool which is based on this one which can be used on PRs and show newly introduced vulnerabilities only.
from yarn-audit-html.
@kenlyon this is your audit file. sorry I am still working on fixing the issue. But this is the first result.
yarn-audit.html.zip
from yarn-audit-html.
Hey @kenlyon
Try new yarn-audit-html@^3.0.0 released version. I tried with your log and it is taking from 2 to 3 minutes to generate the report, but at least it is working :) (and for that huge audit log file, it is kind of ok IMO).
Changes included:
https://github.com/davityavryan/yarn-audit-html/releases/tag/v2.1.0
https://github.com/davityavryan/yarn-audit-html/releases/tag/v3.0.0
Let me know if you experience any issues (including PowerShell, I did not check in there, sorry).
If everything is ok, then close this issue and feel free to
from yarn-audit-html.