icon-font-generator icon indicating copy to clipboard operation
icon-font-generator copied to clipboard

Published 20 hours ago verified publisher icon Workshape

`webfonts-generator` is now read only

Open karelbilek opened this issue 5 years ago • 9 comments
trafficstars

webfonts-generator - a dependency of this module - is now read-only on github; I think that means the author doesn't want to update it anymore

https://github.com/sunflowerdeath/webfonts-generator

it does not seem to cause any issue yet

karelbilek avatar Mar 13 '20 06:03 karelbilek

There is a big issue: it depends (via its dependency on ttf2woff2) on an old version of minimist which has vulnerability CVE-2020-7598. That means this can no longer be used in production.

instantlinux avatar Mar 23 '20 16:03 instantlinux

Oh damn. So this should be either updated or reworked.

karelbilek avatar Mar 23 '20 17:03 karelbilek

A colleague noticed: minimist is referenced in this repo (https://github.com/Workshape/icon-font-generator/blob/a9ac3b34c7343ee6157176a6a2af00e29939b41c/package.json#L19) so maybe it can be fixed by simply bumping the version from 1.2.0 to 1.2.5. It won't solve the lack of support by author of webfonts-generator, which will take a lot more effort to fix.

instantlinux avatar Mar 23 '20 21:03 instantlinux

I would say "make a PR" but it seems even PRs in this repo seem unmerged, so... I don't think that would help either :(

karelbilek avatar Mar 24 '20 08:03 karelbilek

anyway, instead of depending on this, I made my own docker images for docker. It's not related to node at all, but it works for me. (docker is required, and some custom scripting to run it is necessary)

https://github.com/karel-3d/fontcustom-docker

and this thing to fix the issue in fontcustom with un-centered SVGs

https://github.com/karel-3d/center-svg-docker

it's very complex for "a simple task", but the only thing I managed.

karelbilek avatar Mar 24 '20 08:03 karelbilek

@karelbilek @instantlinux

Do you continue to use icon-font-generator or have you adopted any other library? I am evaluating the icon-font-generator but I am afraid, due to this issue of dependencies.

Thank you

jimmyandrade avatar Sep 27 '20 15:09 jimmyandrade

it does not seem to cause any issue yet

I'm afraid it does, see issue #83 :(

TimGeibel avatar Oct 20 '20 09:10 TimGeibel

@jimmyandrade I instead wrote this little thing

https://github.com/karelbilek/fontcustom-golang-svg-center-docker

that uses fontcustom and inkscape inside docker to create the font. (I have not been able to install fontcustom outside of docker. Too many dependencies.)

I use this to generate icon font.

It requires docker and is not node.js at all. (It uses a lot of black magic underneath, but it works.)

It is ugly and I planned to make it less hairy and more user friendly... but no time :(

karelbilek avatar Oct 20 '20 16:10 karelbilek

As this was the biggest issue with the library, I've just deprecated icon-font-generator and published a complete rewrite (has breaking changes) -> fantasticon

It's typescript and has good test coverage, which should make it way easier to maintain and accept contributors 👍

tancredi avatar Oct 23 '20 02:10 tancredi