storybookjs / mdx1-csf Goto Github PK

Describe the bug
When using the package on storybook 7, on windows with legacyMdx1 enabled it will through the error

ModuleBuildError: Module build failed: UnhandledSchemeError: Reading from "C:ProjectsCodeemergnids-corecore      
ode_modules@storybookmdx1-csf
eact" is not handled by plugins (Unhandled scheme).
Webpack supports "data:" and "file:" URIs by default.

To Reproduce
Steps to reproduce the behavior:

Install storybook 7, add the package to support mdx1

Expected behavior
Simply work

Is your feature request related to a problem? Please describe.
When I install this package, I will get a warn:

I found the reference chain is:
'@mdx-js/[email protected]' -> '[email protected]' -> '@babel/[email protected]'.

Describe the solution you'd like
I hope mdx1-csf can upgrade the version of '@mdx-js/mdx' to v2.
I found mdx2-csf depend on v2.https://github.com/storybookjs/mdx2-csf/blob/next/package.json#L43
Would it be better if they used the same version?

Thanks for reading my request.

/src/stories/Button.tsx, /src/stories/Header.tsx and /src/stories/Page.tsx contain import statements for CSS files.

Even though the files array of the package manifest states "dist/**/*", the Babel build scripts specify "--extensions ".js,.jsx,.ts,.tsx"".
So that might be the reason that the CSS files are missing in the published package.

Describe the bug

@types/lodash is currently declared as a dependency. This is unnecessary since @types/lodash is a build time dependency, so it should be moved to devDependency instead.

To Reproduce
Steps to reproduce the behavior:

1. Initialize a new package and install mdx1-csf
2. Verify @types/lodash is installed

Expected behavior

@types/lodash is not installed.

Additional context

I hit this issue because of a conflicting type with underscore.

Describe the bug
This project has a critical security issue.

It is currently using @mdx-js/mdx in version 1.x which uses remark-parse which uses an insecure trim version. E.g. updating to @mdx-js/mdx version 2.x will fix that security issue.

To Reproduce
Steps to reproduce the behavior:

1. create new Project with npm init
2. Add the package npm install --save @storybook/mdx1-csf
3. Check for security issues npm audit
4. See high security issue

Expected behavior
No security issues in @storybook/mdx1-csf

Screenshots

Describe the bug

Test-runner has a dep vulnerability related to trim 0.0.1
Force to use trim 0.0.3 breaks the storybook build on my side.

trim  <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
fix available via `npm audit fix --force`
Will install @storybook/[email protected], which is a breaking change
node_modules/trim
  remark-parse  <=8.0.3
  Depends on vulnerable versions of trim
  node_modules/remark-parse
    @mdx-js/mdx  <=1.6.22
    Depends on vulnerable versions of remark-mdx
    Depends on vulnerable versions of remark-parse
    node_modules/@mdx-js/mdx
      @storybook/mdx1-csf  *
      Depends on vulnerable versions of @mdx-js/mdx
      node_modules/@storybook/mdx1-csf
        @storybook/csf-tools  6.5.0-alpha.1 - 6.5.17-alpha.0
        Depends on vulnerable versions of @storybook/mdx1-csf
        node_modules/@storybook/csf-tools
          @storybook/test-runner  >=0.0.9--canary.107.1b41303.0
          Depends on vulnerable versions of @storybook/csf-tools
          node_modules/@storybook/test-runner

Environment

• OS: iOS
• Node.js version: 16.13.0
• NPM version: 8.1.0

Additional context

I'm using

"@storybook/vue": "6.5.16",
"@storybook/test-runner": "0.9.4"