aframe icon indicating copy to clipboard operation
aframe copied to clipboard

Published 20 hours ago verified publisher icon aframevr

npm install operations take 10+ minutes longer

Open jconnolly-bond opened this issue 3 years ago • 3 comments
trafficstars

Description:

  • A-Frame Version: 1.3.0, 1.2.0
  • Node: v14.19.3 (npm v6.14.17)
  • Ubuntu 20.04.4
  • Reproducible Code Snippet or URL:
npm init

npm install aframe --save

It now takes 800+ seconds for npm ci to complete, whereas a build that ran May 13th took ~60 seconds to complete. That is in an existing project but the issue is seen in fresh projects where aframe is the only dependency as shown above. If aframe is removed as a dependency then the time to run npm ci returns to around 40-60 seconds.

I am seeing this across multiple machines as well as when setting up a fresh docker container with node:14, creating an npm project and installing aframe there.

The installation seems to hang a long time on fetchMetadata: resolveWithNewModule [email protected] checking installable status

Are there any ideas on why this might have started happening suddenly?

jconnolly-bond avatar May 26 '22 17:05 jconnolly-bond

No idea. Nothing has changed on the A-Frame side since May 13th. It seems some npm issue but can't tell for sure. Maybe give yarn a try?

dmarcos avatar May 26 '22 20:05 dmarcos

As of March 15th github made some changes permanent relating to git protocols https://github.blog/2021-09-01-improving-git-protocol-security-github/

March 15, 2022 Changes made permanent. We’ll permanently stop accepting DSA keys. RSA keys uploaded after the cut-off point above will work only with SHA-2 signatures (but again, RSA keys uploaded before this date will continue to work with SHA-1). The deprecated MACs, ciphers, and unencrypted Git protocol will be permanently disabled.

Clients relying on older SSH implementations will need to be updated. (The standard Git client uses your operating system’s SSH implementation on Linux and macOS.)

Aframe lists some dependencies via github url which it looks like is being replaced during installation with this deprecated git:// reference.

If anyone encounters this in the future then the fix is to include this in your .gitconfig

[url "https://"]
	insteadOf = git://

You can make this change globally with this command git config --global url."https://".insteadOf git://

I am not sure whether there is anything for aframe to address here, explicitly listing git dependencies with https:// may help though. Looking through npm's issues it looks like this was raised and then actioned but I am still seeing this issue in npm version 6.14.17 which should have the fix merged in. Also note that I did not see the same issue on Windows which relates to the quote above stating that is can be an OS level issue. Although since most build systems / pipelines run on linux I think it's worth noting. This issue may also be fixed by more modern versions of node/npm but I was unable to verify this.

Hope this helps someone!

jconnolly-bond avatar May 27 '22 14:05 jconnolly-bond

Thanks so much for taking the time to write this down. It's awesome. Very appreciated

dmarcos avatar May 28 '22 04:05 dmarcos