Mermaid: Possibly incorrect dagre-d3 version in package.json
Hi,
I'm experiencing an issue while trying to install version ~8.4 via npm.
Let me expose it in an empty environment:
sudo docker run --rm -it node:12.3-alpine sh -c "npm i -g --loglevel verbose mermaid@~8.4"
This unfortunately results in:
npm info it worked if it ends with ok
npm verb cli [
npm verb cli '/usr/local/bin/node',
npm verb cli '/usr/local/bin/npm',
npm verb cli 'i',
npm verb cli '-g',
npm verb cli '--loglevel',
npm verb cli 'verbose',
npm verb cli 'mermaid@~8.4'
npm verb cli ]
npm info using [email protected]
npm info using [email protected]
npm verb npm-session 6d5644b94274e0d7
npm http fetch GET 200 https://registry.npmjs.org/mermaid 160ms
npm timing stage:loadCurrentTree Completed in 209ms
npm timing stage:loadIdealTree:cloneCurrentTree Completed in 1ms
npm timing stage:loadIdealTree:loadShrinkwrap Completed in 2ms
npm http fetch GET 200 https://registry.npmjs.org/crypto-random-string 181ms
npm http fetch GET 200 https://registry.npmjs.org/d3 182ms
npm http fetch GET 200 https://registry.npmjs.org/graphlib 178ms
npm http fetch GET 200 https://registry.npmjs.org/he 179ms
npm http fetch GET 200 https://registry.npmjs.org/minify 183ms
npm http fetch GET 200 https://registry.npmjs.org/lodash 193ms
npm http fetch GET 200 https://registry.npmjs.org/moment-mini 194ms
npm http fetch GET 200 https://registry.npmjs.org/prettier 120ms
npm http fetch GET 200 https://registry.npmjs.org/dagre 213ms
npm http fetch GET 200 https://registry.npmjs.org/scope-css 138ms
npm http fetch GET 200 https://registry.npmjs.org/@braintree%2fsanitize-url 1167ms
npm timing stage:rollbackFailedOptional Completed in 1ms
npm timing stage:runTopLevelLifecycles Completed in 1408ms
npm verb stack Error: spawn git ENOENT
npm verb stack at Process.ChildProcess._handle.onexit (internal/child_process.js:264:19)
npm verb stack at onErrorNT (internal/child_process.js:456:16)
npm verb stack at processTicksAndRejections (internal/process/task_queues.js:84:9)
npm verb cwd /
npm verb Linux 4.15.0-66-generic
npm verb argv "/usr/local/bin/node" "/usr/local/bin/npm" "i" "-g" "--loglevel" "verbose" "mermaid@~8.4"
npm verb node v12.3.1
npm verb npm v6.9.0
npm ERR! path git
npm ERR! code ENOENT
npm ERR! errno ENOENT
npm ERR! syscall spawn git
npm ERR! enoent Error while executing:
npm ERR! enoent undefined ls-remote -h -t ssh://[email protected]/dagrejs/dagre-d3.git
npm ERR! enoent
npm ERR! enoent
npm ERR! enoent spawn git ENOENT
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent
npm verb exit [ 1, true ]
npm timing npm Completed in 1843ms
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2019-11-12T16_01_29_757Z-debug.log
This issue might be related with: ca5e60b38b98448695d1a00ce1bdd1feeefa046d, since the version specified here is not numerical.
crusty
All 22 comments
+1
KendokaM
on 13 Nov 2019
I am having issues reproducing this without docker).
First I thought this might be related to you using node 12 as we do not officially suppott that yet so I tries first with node 10 and then with node 12 on macos.
Here with node v10
Then I tried with node v12.
Could you try with node 10 and and with yarn and se if we can earn anything more?
knsv
on 13 Nov 2019
This is reproducible with node:12.3-alpine and node:12.3-slim but not in node:12.3. This basically happens because git is missing in alpine and slim but not in the full docker image. Installing git manually before installing mermaid works fine too.
In the package.json it is referenced as a git. I would assume this has been done because the latest release from dagre-d3 on npm is one year old. Is there a way we can fix that without big hassle?
klemmchr
on 13 Nov 2019
I think it shouldn't be done in this way, especially that:
- The dependency version can be marked as "at least" (ie. >=version)
- I haven't noticed the practice of requiring git for any other node modules.
This would essentially make any slim and alpine docker images useless for anyone who uses mermaid for their project.
crusty
on 18 Nov 2019
The dependency version can be marked as "at least" (ie. >=version)
That requires that the package is available on npm which isn't the case. Like I mentioned already the latest release of dagre-d3 is one year old.
I haven't noticed the practice of requiring git for any other node modules.
I agree that this is bad practice. Especially for docker users and as most builds these days are done in slim or alpine docker images this is a bad thing too. Also this is trappy for enterprise users sitting behind a restrictive firewall like in #1071.
However I can't verify exactly why there is a hard dependency on a GitHub repo. I will investigate that issue and see what we can do about this. If the npm version breaks stuff we might need to get the GitHub version into the project as a hard dependency.
As a workaround you can build the project in a full node image (or install git manually) and have it run in an alpine image.
klemmchr
on 18 Nov 2019
I might be indirectly to blame, as I raised the issue in this discussion:
https://github.com/mermaid-js/mermaid/issues/990
nothingismagick
on 18 Nov 2019
@nothingismagick Well, it passed the review so no blame here. However, I would be glad if you could take this issue and search a solution that doesn’t involve referencing GitHub packages.
klemmchr
on 18 Nov 2019
It does seem a bit strange that the changes to dagre-d3 were merged, but no release since 2017!!!
If this doesn't get resolved I see two options: import it as a git submodule (which might actually have the same / similar / worse issue in docker) or flat-forking the repo and binding the source into mermaid itself (which is an option I don't like either...)
nothingismagick
on 18 Nov 2019
Yeah, that are really bad options. Either way we have the source with us which is a PITA. Plus, Submodules are a nightmare. The question is how fast we need to react to this issue. We now have at least 2 confirmed users that have a setup that they are affected. @knsv @Dunning-Kruger whats your opinion on that? I would say like 2 weeks, maybe contact the author via mail, he's a Microsoft employee so he might want to maintain his stuff at least with minimalistic efford.
Plus: do we have any alternatives?
klemmchr
on 18 Nov 2019
Alternative would be to fork and publish master to npm as dagre-d3-mermaid.
If that's wanted, I can do it tonight.
>
nothingismagick
on 18 Nov 2019
Alternative would be to fork and publish master to npm as dagre-d3-mermaid. If that's wanted, I can do it tonight.
…
I thoght of that but I consider that as the worst solution because then we need to maintain another repo.
klemmchr
on 18 Nov 2019
The unofficial publication of dagre-3d would be my choice, under a name such as "dagre-3d-unofficial" or something like that, making it VERY clear that it is not an official release.
Maintaining it should not be an issue: all we do is point people to the official repo. If we need to, we can pull changes from upstream and re-release (but this should be rare, I guess).
I would keep the fork in the mermaid org just for "security" and future reference but, it's not to be maintained or developed on.
We should still try to contact the owner for a release, since that is of course the best option.
IOrlandoni
on 18 Nov 2019
Alright, so what's the time schedule then? @nothingismagick already commented on the pr, so wait a week, contact via mail, wait another week, create the fork?
klemmchr
on 18 Nov 2019
Let's create it right now. The PR was merged a month ago and people have
broken installations right now. As soon as upstream gets published we can
go back.
On Mon, 18 Nov 2019, 19:14 Christian Klemm, notifications@github.com
wrote:
Alright, so what's the time schedule then? @nothingismagick
https://github.com/nothingismagick already commented on the pr, so wait
a week, contact via mail, wait another week, create the fork?—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/mermaid-js/mermaid/issues/1065?email_source=notifications&email_token=AIM4G6GU2VWCNTIHQFRJOOTQULLRRA5CNFSM4JMFUOS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEELMMXY#issuecomment-555140703,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AIM4G6BYMFKAGISZLRPH4IDQULLRRANCNFSM4JMFUOSQ
.
nothingismagick
on 18 Nov 2019
Hey Guys,
Any update on this? are we still waiting on the author of the dependency to get back?
Cheers
damiandennis
on 26 Nov 2019
Yeah, its been a week, and my advice to host a fork at this org is probably the best way forward.
nothingismagick
on 26 Nov 2019
Ok, I have forked the repo to mermaid-js.
knsv
on 27 Nov 2019
Just to summarize, we need an unofficial realase of the head of the fork to the npm repo, (not githubs repo)?
Then we update the dependencies in mermaid in release/8.4.3 branch wich is on its way out.
knsv
on 27 Nov 2019
Just to summarize, we need an unofficial realase of the head of the fork to the npm repo, (not githubs repo)?
Then we update the dependencies in mermaid in release/8.4.3 branch wich is on its way out.
Exactly, we need the latest master as a npm package (like dagre-d3-mermaid) so we can get rid of it. I assume you want to do the release, do you also want to update the dependency?
klemmchr
on 27 Nov 2019
Yes, I'll do both
knsv
on 27 Nov 2019
This is now pushed to the 8.4.3 release branch and available from the github package repo, https://github.com/mermaid-js/mermaid/packages/46638
knsv
on 27 Nov 2019
What's the estimated date of 8.4.3 being released and pushed to npm?
crusty
on 29 Nov 2019
Related issues
erelling
·
3Comments
mestaritonttu
·
3Comments
yk-liu
·
4Comments
lwalker-kforce
·
3Comments
michaeltlombardi
·
3Comments
Most helpful comment
Alternative would be to fork and publish master to npm as dagre-d3-mermaid.
If that's wanted, I can do it tonight.
>