breautek commented on issue #349: URL: https://github.com/apache/cordova/issues/349#issuecomment-2271574498
> I did a clean install of Cordova today (I have never used Cordova before, and am just exploring/learning about it for the first time), and got a bunch of warnings similar to what is reported above, but it seems the list of deprecated packages has gotten longer, and Cordova maybe needs to update to other dependencies? > > ``` > C:\Users\uogre>npm install -g cordova > npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. > npm warn deprecated @npmcli/move-file@2.0.1: This functionality has been moved to @npmcli/fs > npm warn deprecated read-package-json@6.0.4: This package is no longer supported. Please use @npmcli/package-json instead. > npm warn deprecated npmlog@6.0.2: This package is no longer supported. > npm warn deprecated npmlog@7.0.1: This package is no longer supported. > npm warn deprecated stringify-package@1.0.1: This module is not used anymore, and has been replaced by @npmcli/package-json > npm warn deprecated har-validator@5.1.5: this library is no longer supported > npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported > npm warn deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported > npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported > npm warn deprecated q@1.5.1: You or someone you depend on is using Q, the JavaScript Promise library that gave JavaScript developers strong feelings about promises. They can almost certainly migrate to the native JavaScript promise now. Thank you literally everyone for joining me in this bet against the odds. Be excellent to each other. > npm warn deprecated > npm warn deprecated (For a CapTP with native promises, see @endo/eventual-send and @endo/captp) > npm warn deprecated are-we-there-yet@4.0.2: This package is no longer supported. > npm warn deprecated are-we-there-yet@3.0.1: This package is no longer supported. > npm warn deprecated gauge@5.0.2: This package is no longer supported. > npm warn deprecated gauge@4.0.4: This package is no longer supported. > npm warn deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. > npm warn deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 > > added 548 packages in 11s > > 62 packages are looking for funding > run `npm fund` for details > ``` A cordova install in a complete fresh environment will yield, or at least it did for me: ``` npm install -g cordova npm warn deprecated har-validator@5.1.5: this library is no longer supported npm warn deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 ``` A complete fresh environment meaning I had 0 globally installed NPM packages. If you have other globally installed packages and those versions satisfies the version pins that cordova or any of its dependencies uses, they won't get upgraded on `npm install`, even if you're installing cordova for the first time and for the sake of speed, NPM will use any existing package assuming that the existing version satisfies the version pin of the package requesting that dependency. So in other words, if a package wants dependency `x@^1.0.0`, and `x` latest is `1.5.0` and the system has `x@1.2.0` installed, it will use `x@1.2.0` that already exists instead of downloading and pulling `1.5.0` since `1.2.0` already satisfies `^1.0.0`, even if the existing version is marked as deprecated. This is behaviour of NPM, not something that Cordova controls. Running `npm -g upgrade` should upgrade all global packages to the latest versions possible (while satisfying version pins) which should solve your large list of deprecated packages, but if you have other global packages that have strict version pins it may hold them back. `npm -g ls <packageName>` can also be used to find where some of those packages are being used if any are being held back. If you have other global packages that are causing these dependencies to be held back, then you might be able to use a project-local install instead by doing `npm install cordova --save-dev` in your project directory. Then prefix any cordova commands with `npx` to use the project-local install, e.g: `npx cordova build android`. This should eliminate any influence on global installed packages, but I'm not 100% sure if local installs actually works completely. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
