node-sass
node-sass copied to clipboard
sass
request has gone into maintenance mode. Maybe replace it.
Dear team,
thanks for your work!
I would like to report that the package request which you are loading has went into maintenance mode https://github.com/request/request/issues/3142
Therefore, yarn is currently giving me:
warning node-sass > [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142 warning node-sass > node-gyp > [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
Maybe you find time (and a good replacement) to replace it for your upcoming major release. Thanks!
That is not a big issue. We could possibly drop the usage of request completely but this could mean some issues for users connecting via proxy.
As your message shows, "request" is also used by node-gyp, so removing it here wouldn't remove the transitive dependency or that second warning. Updating node-gyp is something we're not looking at till the next major version because of breaking changes, but it looks like the latest node-gyp is also still using request https://github.com/nodejs/node-gyp/blob/dab030536b6a70ecae37debc74c581db9e5280fd/package.json#L31
ftw I used node-fetch
Doing a quick look shows it doesn't have any support for proxies, and wouldn't be a suitable replacement
@nschonni Thanks for a response and a wonderful lib used by me and thousands.
I do think it puts pressure on gyp if they are the only ones not solving it. However, I have no awareness of the effort, so no matter what, thank you for your efforts!
We've looked at this a few times in the past. Previously we've been blocked on backwards compatibility since most request alternatives would require us to drop legacy Node support.
With v5 coming up we're in a position to make this breaking change. I've re-surveyed the http library landscape based the following resources:
- https://github.com/request/request/issues/3143
- https://www.npmjs.com/package/got#comparison
The most viable alternatives IMHO in order of preference are:
- https://github.com/npm/make-fetch-happen
- https://github.com/axios/axios
There are some shinier, newer options but most refuse to support proxies out right. For this reason make-fetch-happen is the most appealing as it has robust proxy support as a result of being used within npm itself.
@xzyfer just to throw my two cents in, I don't think backwards compatibility should be a factor whatsoever for a major release when it means keeping deprecated packages. My personal vote would be to remove the dependency completely, and people who rely on legacy node versions (who probably aren't updating a lot of things anyways) can use the older versions. I'd also say proxy support should be added in its own separately maintained package if it causes this much headache in updating the main package to not rely on deprecated packages
Does anyone have a workaround for this? When I run yarn and it tries to compile node-sass, it throws an error. I know this is due to the deprecated node-gyp trying to use VS2019 to compile. I've installed the windows build tools for VS2017 and VS2015 but how do I get it to look there?
gyp ERR! stack Error: spawn C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\MSBuild\15.0\Bin\MSBuild.exe ENOENT gyp ERR! stack at Process.ChildProcess._handle.onexit (internal/child_process.js:264:19) gyp ERR! stack at onErrorNT (internal/child_process.js:456:16) gyp ERR! stack at processTicksAndRejections (internal/process/task_queues.js:80:21) gyp ERR! System Windows_NT 10.0.18362 gyp ERR! command "C:\\Program Files\\nodejs\\node.exe" "C:\\ProjAngular\\SupervisionServices\\node_modules\\devextreme-cli\\node_modules\\node-gyp\\bin\\node-gyp.js" "rebuild" "--verbose" "--libsass_ext=" "--libsass_cflags=" "--libsass_ldflags=" "--libsass_library=" gyp ERR! cwd C:\ProjAngular\SupervisionServices\node_modules\devextreme-cli\node_modules\node-sass gyp ERR! node -v v12.13.1 gyp ERR! node-gyp -v v3.8.0 gyp ERR! This is a bug in node-gyp.
@nhustak can you try npm config set msbuild_path "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Current\Bin\MSBuild.exe" ? See https://github.com/sass/node-sass/pull/2862 and https://github.com/nodejs/node-gyp/issues/1663 for more context
@saper as a solution for proxy you could use standard node API and pass a hook for Agent, so people could easily use proxy-agent.
One more deprecation from request...
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated [email protected]: this library is no longer supported
AFAIK there is still no alternative with proxy support. If that situation changes we will happily switch over.
On Fri, 12 Feb 2021, 1:19 pm Alessandro Barbieri, [email protected] wrote:
Any progress on this?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/sass/node-sass/issues/2851#issuecomment-777924909, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAENSWGESBH45WLAEHI3WR3S6SF4BANCNFSM4KVWQI3Q .
@xzyfer what's wrong with make-fetch-happen or axios or a hook for proxy-agent?
I still return to proxy support should be its own separate add-on if it causes this much of a problem in getting rid of deprecated insecure packages for the majority of users
According to https://github.com/sass/node-sass/issues/2851#issuecomment-817684689 and https://github.com/sass/node-sass/issues/2851#issuecomment-586930150 it's obvious that make-fetch-happen is final choice. Can someone please confirm this, to make it clear for some future PR's, eg to prevent unnecessary work, like https://github.com/sass/node-sass/pull/2961
Hi. I need some hit which node-sass version to use. 7.0.3 still depends on outdate request package.
