Skip to content
This repository has been archived by the owner on May 28, 2021. It is now read-only.

Several outdated dependencies and security issues #145

Open
MWals opened this issue Jul 5, 2019 · 3 comments
Open

Several outdated dependencies and security issues #145

MWals opened this issue Jul 5, 2019 · 3 comments

Comments

@MWals
Copy link

MWals commented Jul 5, 2019

tep 4/6 : RUN npm install
---> Running in 2c2d41379341
npm WARN deprecated graphql-server-express@1.4.0: This package has been renamed to 'apollo-server-express'. Please update your dependencies!
npm WARN deprecated bcrypt-nodejs@0.0.3: bcrypt-nodejs is no longer actively maintained. Please use bcrypt or bcryptjs. See https://github.com/kelektiv/node.bcrypt.js/wiki/bcrypt-vs-brypt.js to learn more about these two options
npm WARN deprecated sendgrid@1.9.2: Please see v6.X+ at https://www.npmjs.com/org/sendgrid
npm WARN deprecated socks@1.1.10: If using 2.x branch, please upgrade to at least 2.1.6 to avoid a serious bug with socket data flow and an import issue introduced in 2.1.0
npm WARN deprecated babel-preset-es2015@6.24.1: 🙌 Thanks for using Babel: we recommend using babel-preset-env now: please read https://babeljs.io/env to update!
npm WARN deprecated typings@2.1.1: Typings is deprecated in favor of NPM @types -- see README for more information
npm WARN deprecated babel@6.23.0: In 6.x, the babel package has been deprecated in favor of babel-cli. Check https://opencollective.com/babel to support the Babel maintainers
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated ejs@0.8.3: Critical security bugs fixed in 2.5.5
npm WARN deprecated json3@3.3.2: Please use the native JSON object instead of JSON 3
npm WARN deprecated fs-promise@0.3.1: Use mz or fs-extra^3.0 with Promise Support
npm WARN deprecated hawk@3.1.3: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated cryptiles@2.0.5: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated boom@2.10.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated sntp@1.0.9: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated hoek@2.16.3: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated formatio@1.2.0: This package is unmaintained. Use @sinonjs/formatio instead
npm WARN deprecated samsam@1.3.0: This package has been deprecated in favour of @sinonjs/samsam
npm WARN deprecated text-encoding@0.6.4: no longer maintained
npm WARN deprecated popsicle-proxy-agent@3.0.0: Use agent option with popsicle directly
npm WARN prefer global node-gyp@3.8.0 should be installed with -g
@Demieno
Copy link

Demieno commented Jul 6, 2019

->> start with node version 10..

@MWals
Copy link
Author

MWals commented Jul 7, 2019
edited

@Demieno thanks for your fast response. I tried to get the boilerplate running but i seem to do something wrong here. The App always crashes with different errors, with node version 6 and 10. Some errors here were also reported in another issue (the express-validator issue).

Further steps i took are marked bold in this post as you scroll through the output below

SO here is what i did when i tried with node 10 as you suggested:
I deleted all files and cloned the repo again. I have changed the Node Version in the Dockerfile to 10.13 and ran docker-compose build and docker-compose up. The app crashes with the following output:

PS C:\Users\MarkusWals\source\repos\vue-express-mongo-boilerplate> docker-compose build
mongo uses an image, skipping
Building web
Step 1/6 : FROM node:10.13
10.13: Pulling from library/node
54f7e8ac135a: Pull complete
d6341e30912f: Pull complete
087a57faf949: Pull complete
5d71636fb824: Pull complete
0c1db9598990: Pull complete
89669bc2deb2: Pull complete
983ea4fdf0c2: Pull complete
1a3dc26a871c: Pull complete
e75626001634: Pull complete
Digest: sha256:dc724f69561cc8e1437bda5ca0f1c88541ae1794dbd5a392abacf1166c4b0393
Status: Downloaded newer image for node:10.13
---> f09e7c96b6de
Step 2/6 : WORKDIR /usr/src/app
---> Running in ffd7989e1d7a
Removing intermediate container ffd7989e1d7a
---> 356c3c69ca7d
Step 3/6 : COPY package.json .
---> 6020b5bc7862
Step 4/6 : RUN npm install
---> Running in 4af81f6b5a57
npm WARN deprecated babel-preset-es2015@6.24.1: 🙌 Thanks for using Babel: we recommend using babel-preset-env now: please read https://b
abeljs.io/env to update!
npm WARN deprecated typings@2.1.1: Typings is deprecated in favor of NPM @types -- see README for more information
npm WARN deprecated babel@6.23.0: In 6.x, the babel package has been deprecated in favor of babel-cli. Check https://opencollective.com/babel to support the Babel maintainers
npm WARN deprecated bcrypt-nodejs@0.0.3: bcrypt-nodejs is no longer actively maintained. Please use bcrypt or bcryptjs. See https://github.com/kelektiv/node.bcrypt.js/wiki/bcrypt-vs-brypt.js to learn more about these two options
npm WARN deprecated graphql-server-express@1.4.0: This package has been renamed to 'apollo-server-express'. Please update your dependencies!
npm WARN deprecated hawk@3.1.3: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated formatio@1.2.0: This package is unmaintained. Use @sinonjs/formatio instead
npm WARN deprecated samsam@1.3.0: This package has been deprecated in favour of @sinonjs/samsam
npm WARN deprecated ejs@0.8.3: Critical security bugs fixed in 2.5.5
npm WARN deprecated text-encoding@0.6.4: no longer maintained
npm WARN deprecated sendgrid@1.9.2: Please see v6.X+ at https://www.npmjs.com/org/sendgrid
npm WARN deprecated cryptiles@2.0.5: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid
support is available for older versions (hapi.im/commercial).
npm WARN deprecated hoek@2.16.3: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated popsicle-proxy-agent@3.0.0: Use agent option with popsicle directly
npm WARN deprecated boom@2.10.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated sntp@1.0.9: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated fs-promise@0.3.1: Use mz or fs-extra^3.0 with Promise Support
npm WARN deprecated json3@3.3.2: Please use the native JSON object instead of JSON 3
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated socks@1.1.10: If using 2.x branch, please upgrade to at least 2.1.6 to avoid a serious bug with socket data flow and an import issue introduced in 2.1.0

chromedriver@2.41.0 install /usr/src/app/node_modules/chromedriver
node install.js

Downloading https://chromedriver.storage.googleapis.com/2.41/chromedriver_linux64.zip
Saving to /usr/src/app/node_modules/chromedriver/chromedriver/chromedriver_linux64.zip
Received 781K...
Received 1566K...
Received 2350K...
Received 3134K...
Received 3852K total.
Extracting zip contents
Copying to target path /usr/src/app/node_modules/chromedriver/lib/chromedriver
Fixing file permissions
Done. ChromeDriver binary available at /usr/src/app/node_modules/chromedriver/lib/chromedriver/chromedriver

node-sass@4.9.3 install /usr/src/app/node_modules/node-sass
node scripts/install.js

Downloading binary from https://github.com/sass/node-sass/releases/download/v4.9.3/linux-x64-64_binding.node
Download complete
Binary saved to /usr/src/app/node_modules/node-sass/vendor/linux-x64-64/binding.node
Caching binary to /root/.npm/node-sass/4.9.3/linux-x64-64_binding.node

core-js@2.6.9 postinstall /usr/src/app/node_modules/core-js
node scripts/postinstall || echo "ignore"

Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!

The project needs your help! Please consider supporting of core-js on Open Collective or Patreon:

https://opencollective.com/core-js
https://www.patreon.com/zloirock

Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)

node-sass@4.9.3 postinstall /usr/src/app/node_modules/node-sass
node scripts/build.js

Binary found at /usr/src/app/node_modules/node-sass/vendor/linux-x64-64/binding.node
Testing binary
Binary is fine

nodemon@1.19.1 postinstall /usr/src/app/node_modules/nodemon
node bin/postinstall || exit 0

Love nodemon? You can now support the project via the open collective:

https://opencollective.com/nodemon/donate

npm WARN prepublish-on-install As of npm@5, prepublish scripts are deprecated.
npm WARN prepublish-on-install Use prepare for build steps and prepublishOnly for upload-only.
npm WARN prepublish-on-install See the deprecation note in npm help scripts for more information.
npm WARN lifecycle vue-express-mongo-boilerplate@0.9.0prepublish: cannot run in wd vue-express-mongo-boilerplate@0.9.0 npm run snyk-protect (wd=/usr/src/app)
npm WARN lifecycle vue-express-mongo-boilerplate@0.9.0prepare: cannot run in wd vue-express-mongo-boilerplate@0.9.0 npm run snyk-protect
(wd=/usr/src/app)
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN mongoose-auto-increment@5.0.1 requires a peer of mongoose@^4.1.12 but none is installed. You must install peer dependencies yourself.
npm WARN gulp-babel@8.0.0 requires a peer of @babel/core@^7.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN sinon-chai@2.10.0 requires a peer of chai@>=1.9.2 <4 but none is installed. You must install peer dependencies yourself.
npm WARN sass-loader@6.0.5 requires a peer of webpack@^2.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN stats-webpack-plugin@0.6.0 requires a peer of webpack@^1.0||^2.1.0-beta||^2.2.0-rc but none is installed. You must install peer dependencies yourself.
npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN acorn-dynamic-import@4.0.0 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN The package cross-env is included as both a dev and production dependency.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.9 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.9: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

added 1987 packages from 1882 contributors and audited 19819 packages in 51.026s
found 397 vulnerabilities (7 low, 14 moderate, 375 high, 1 critical)
run npm audit fix to fix them, or npm audit for details
Removing intermediate container 4af81f6b5a57
---> d07fa7423578
Step 5/6 : COPY . .
---> 06e22d495c47
Step 6/6 : EXPOSE 3000
---> Running in 433ae0a06fe8
Removing intermediate container 433ae0a06fe8
---> 76e602f065ad
Successfully built 76e602f065ad
Successfully tagged vue-express-mongo-site:latest
PS C:\Users\MarkusWals\source\repos\vue-express-mongo-boilerplate> docker-compose up
Starting vue-express-mongo-boilerplate_mongo_1 ... done
Creating vue-express-mongo-boilerplate_web_1 ... done
Attaching to vue-express-mongo-boilerplate_mongo_1, vue-express-mongo-boilerplate_web_1
mongo_1 | 2019-07-07T19:40:37.893+0000 I CONTROL [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'
mongo_1 | 2019-07-07T19:40:37.909+0000 I CONTROL [initandlisten] MongoDB starting : pid=1 port=27017 dbpath=/data/db 64-bit host=dad4443a02bd
mongo_1 | 2019-07-07T19:40:37.909+0000 I CONTROL [initandlisten] db version v4.0.10
mongo_1 | 2019-07-07T19:40:37.909+0000 I CONTROL [initandlisten] git version: c389e7f69f637f7a1ac3cc9fae843b635f20b766
mongo_1 | 2019-07-07T19:40:37.909+0000 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.2g 1 Mar 2016
mongo_1 | 2019-07-07T19:40:37.909+0000 I CONTROL [initandlisten] allocator: tcmalloc
mongo_1 | 2019-07-07T19:40:37.910+0000 I CONTROL [initandlisten] modules: none
mongo_1 | 2019-07-07T19:40:37.910+0000 I CONTROL [initandlisten] build environment:
mongo_1 | 2019-07-07T19:40:37.910+0000 I CONTROL [initandlisten] distmod: ubuntu1604
mongo_1 | 2019-07-07T19:40:37.910+0000 I CONTROL [initandlisten] distarch: x86_64
mongo_1 | 2019-07-07T19:40:37.910+0000 I CONTROL [initandlisten] target_arch: x86_64
mongo_1 | 2019-07-07T19:40:37.910+0000 I CONTROL [initandlisten] options: { net: { bindIpAll: true } }
mongo_1 | 2019-07-07T19:40:37.911+0000 I STORAGE [initandlisten] Detected data files in /data/db created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'.
mongo_1 | 2019-07-07T19:40:37.911+0000 I STORAGE [initandlisten]
mongo_1 | 2019-07-07T19:40:37.911+0000 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
mongo_1 | 2019-07-07T19:40:37.911+0000 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem
mongo_1 | 2019-07-07T19:40:37.912+0000 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=478M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),statistics_log=(wait=0),verbose=(recovery_progress),
mongo_1 | 2019-07-07T19:40:38.665+0000 I STORAGE [initandlisten] WiredTiger message [1562528438:665534][1:0x7f17361d9a80], txn-recover:
Main recovery loop: starting at 4/39424 to 5/256
mongo_1 | 2019-07-07T19:40:38.750+0000 I STORAGE [initandlisten] WiredTiger message [1562528438:750201][1:0x7f17361d9a80], txn-recover:
Recovering log 4 through 5
mongo_1 | 2019-07-07T19:40:38.830+0000 I STORAGE [initandlisten] WiredTiger message [1562528438:830112][1:0x7f17361d9a80], txn-recover:
Recovering log 5 through 5
mongo_1 | 2019-07-07T19:40:38.884+0000 I STORAGE [initandlisten] WiredTiger message [1562528438:884352][1:0x7f17361d9a80], txn-recover:
Set global recovery timestamp: 0
mongo_1 | 2019-07-07T19:40:38.929+0000 I RECOVERY [initandlisten] WiredTiger recoveryTimestamp. Ts: Timestamp(0, 0)
mongo_1 | 2019-07-07T19:40:38.960+0000 I CONTROL [initandlisten]
mongo_1 | 2019-07-07T19:40:38.961+0000 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
mongo_1 | 2019-07-07T19:40:38.961+0000 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
mongo_1 | 2019-07-07T19:40:38.961+0000 I CONTROL [initandlisten]
mongo_1 | 2019-07-07T19:40:39.014+0000 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/data/db/diagnostic.data'
mongo_1 | 2019-07-07T19:40:39.019+0000 I NETWORK [initandlisten] waiting for connections on port 27017
web_1 |
web_1 | > vue-express-mongo-boilerplate@0.9.0 docker-dev /usr/src/app
web_1 | > cross-env NODE_ENV=development MONGO_URI=mongodb://mongo/ nodemon --debug
web_1 |
web_1 | [nodemon] 1.19.1
web_1 | [nodemon] to restart at any time, enter rs
web_1 | [nodemon] watching: /usr/src/app/server/**/* config.js webpack.*.config.js
web_1 | [nodemon] starting node --debug server/index.js
web_1 | (node:38) [DEP0062] DeprecationWarning: node --debug and node --debug-brk are invalid. Please use node --inspect or node --inspect-brk instead.
web_1 | [nodemon] app crashed - waiting for file changes before starting...

After changing nodemon --debug to --inspect as suggested in the warning, i get the following error:

PS C:\Users\MarkusWals\source\repos\vue-express-mongo-boilerplate> docker-compose up
Starting vue-express-mongo-boilerplate_mongo_1 ... done
Starting vue-express-mongo-boilerplate_web_1 ... done
Attaching to vue-express-mongo-boilerplate_mongo_1, vue-express-mongo-boilerplate_web_1
mongo_1 | 2019-07-07T19:43:41.304+0000 I CONTROL [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'
mongo_1 | 2019-07-07T19:43:41.306+0000 I CONTROL [initandlisten] MongoDB starting : pid=1 port=27017 dbpath=/data/db 64-bit host=dad4443a02bd
mongo_1 | 2019-07-07T19:43:41.306+0000 I CONTROL [initandlisten] db version v4.0.10
mongo_1 | 2019-07-07T19:43:41.306+0000 I CONTROL [initandlisten] git version: c389e7f69f637f7a1ac3cc9fae843b635f20b766
mongo_1 | 2019-07-07T19:43:41.306+0000 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.2g 1 Mar 2016
mongo_1 | 2019-07-07T19:43:41.306+0000 I CONTROL [initandlisten] allocator: tcmalloc
mongo_1 | 2019-07-07T19:43:41.306+0000 I CONTROL [initandlisten] modules: none
mongo_1 | 2019-07-07T19:43:41.306+0000 I CONTROL [initandlisten] build environment:
mongo_1 | 2019-07-07T19:43:41.306+0000 I CONTROL [initandlisten] distmod: ubuntu1604
mongo_1 | 2019-07-07T19:43:41.306+0000 I CONTROL [initandlisten] distarch: x86_64
mongo_1 | 2019-07-07T19:43:41.306+0000 I CONTROL [initandlisten] target_arch: x86_64
mongo_1 | 2019-07-07T19:43:41.306+0000 I CONTROL [initandlisten] options: { net: { bindIpAll: true } }
mongo_1 | 2019-07-07T19:43:41.310+0000 I STORAGE [initandlisten] Detected data files in /data/db created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'.
mongo_1 | 2019-07-07T19:43:41.310+0000 I STORAGE [initandlisten]
mongo_1 | 2019-07-07T19:43:41.310+0000 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
mongo_1 | 2019-07-07T19:43:41.310+0000 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem
mongo_1 | 2019-07-07T19:43:41.310+0000 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=478M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),statistics_log=(wait=0),verbose=(recovery_progress),
mongo_1 | 2019-07-07T19:43:41.926+0000 I STORAGE [initandlisten] WiredTiger message [1562528621:926410][1:0x7f7249dc7a80], txn-recover:
Main recovery loop: starting at 5/6272 to 6/256
mongo_1 | 2019-07-07T19:43:42.019+0000 I STORAGE [initandlisten] WiredTiger message [1562528622:19334][1:0x7f7249dc7a80], txn-recover: Recovering log 5 through 6
mongo_1 | 2019-07-07T19:43:42.101+0000 I STORAGE [initandlisten] WiredTiger message [1562528622:101050][1:0x7f7249dc7a80], txn-recover:
Recovering log 6 through 6
mongo_1 | 2019-07-07T19:43:42.142+0000 I STORAGE [initandlisten] WiredTiger message [1562528622:142532][1:0x7f7249dc7a80], txn-recover:
Set global recovery timestamp: 0
mongo_1 | 2019-07-07T19:43:42.255+0000 I RECOVERY [initandlisten] WiredTiger recoveryTimestamp. Ts: Timestamp(0, 0)
mongo_1 | 2019-07-07T19:43:42.309+0000 I CONTROL [initandlisten]
mongo_1 | 2019-07-07T19:43:42.309+0000 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
mongo_1 | 2019-07-07T19:43:42.309+0000 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
mongo_1 | 2019-07-07T19:43:42.310+0000 I CONTROL [initandlisten]
mongo_1 | 2019-07-07T19:43:42.342+0000 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/data/db/diagnostic.data'
mongo_1 | 2019-07-07T19:43:42.345+0000 I NETWORK [initandlisten] waiting for connections on port 27017
web_1 |
web_1 | > vue-express-mongo-boilerplate@0.9.0 docker-dev /usr/src/app
web_1 | > cross-env NODE_ENV=development MONGO_URI=mongodb://mongo/ nodemon --inspect
web_1 |
web_1 | [nodemon] 1.19.1
web_1 | [nodemon] to restart at any time, enter rs
web_1 | [nodemon] watching: /usr/src/app/server/**/* config.js webpack.*.config.js
web_1 | [nodemon] starting node --inspect server/index.js
web_1 | Debugger listening on ws://127.0.0.1:9229/565684a3-8b0b-419b-a7cb-650b53a8b75a
web_1 | For help, see: https://nodejs.org/en/docs/inspector
web_1 | process.argv: /usr/local/bin/node,/usr/src/app/server/index.js
web_1 | Application root path: /usr/src/app
web_1 | External production configuration not found!. Create a default config.js file...
web_1 | The config.js file created! Please update the settings in the file!
web_1 | {"message":{},"level":"info"}
web_1 | {"level":"info","message":"---------------------[ Server starting at %s ]---------------------------"}
web_1 | {"message":{},"level":"info"}
web_1 | {"message":"Application root path: /usr/src/app","level":"info"}
web_1 | {"message":"Loaded configuration:","level":"info"}
web_1 | {"message":{"hashSecret":"K1lZzY9TdX4dCCQdSaZWkSq3FCeWQgclO6HYfR1XlzQ","sessionSecret":"TyNRLukdTrFgZHKkLK9qNB7Gdn7ozyuWnqwtNv6Vhps","app":{"title":"Vue-Express-Mongo BoilerPlate","version":"0.9.0","description":"Express NodeJS application server boilerplate with Mongo and VueJS","keywords":"boilerplate,express,mongo,vue,mongodb,hackaton,bootstrap,starter","url":"http://localhost:3000/","contactEmail":"hello@vem-app.com"},"db":{"options":{"user":"","pass":"","useNewUrlParser":true,"keepAlive":1},"uri":"mongodb://mongo/"},"redis":{"enabled":false,"uri":"redis://localhost:6379","options":null},"mailer":{"enabled":false,"from":"noreply@vem-app.com"},"features":{"disableSignUp":false,"verificationRequired":true},"authKeys":{"google":{"clientID":null,"clientSecret":null},"facebook":{"clientID":null,"clientSecret":null},"github":{"clientID":null,"clientSecret":null},"twitter":{"clientID":null,"clientSecret":null}},"logging":{"console":{"level":"debug"},"file":{"enabled":false,"path":"/usr/src/app/logs","level":"info","json":false,"exceptionFile":true},"graylog":{"enabled":false},"papertrail":{"enabled":false,"host":null,"port":null,"level":"debug","program":"vem"},"logentries":{"enabled":false,"token":null},"loggly":{"enabled":false,"token":null,"subdomain":null},"logsene":{"enabled":false,"token":null},"logzio":{"enabled":false,"token":null}},"ip":"0.0.0.0","port":3000,"rootPath":"/usr/src/app","dataFolder":"/usr/src/app/data","uploadLimit":2097152,"sessions":{"cookie":{"maxAge":604800000,"httpOnly":true,"secure":false},"name":"sessionId","collection":"sessions"},"test":false,"cacheTimeout":300,"agendaTimer":"one minute"},"level":"info"}
web_1 | {"message":{},"level":"info"}
web_1 | {"message":{},"level":"info"}
web_1 | {"message":"Connecting to Mongo mongodb://mongo/...","level":"info"}
web_1 | /usr/src/app/server/core/express.js:77
web_1 | app.use(validator());
web_1 | ^
web_1 |
web_1 | TypeError: validator is not a function
web_1 | at initMiddleware (/usr/src/app/server/core/express.js:77:10)
web_1 | at module.exports (/usr/src/app/server/core/express.js:314:2)
web_1 | at Object. (/usr/src/app/server/index.js:18:38)
web_1 | at Module._compile (internal/modules/cjs/loader.js:688:30)
web_1 | at Object.Module._extensions..js (internal/modules/cjs/loader.js:699:10)
web_1 | at Module.load (internal/modules/cjs/loader.js:598:32)
web_1 | at tryModuleLoad (internal/modules/cjs/loader.js:537:12)
web_1 | at Function.Module._load (internal/modules/cjs/loader.js:529:3)
web_1 | at Function.Module.runMain (internal/modules/cjs/loader.js:741:12)
web_1 | at startup (internal/bootstrap/node.js:285:19)
web_1 | at bootstrapNodeJSCore (internal/bootstrap/node.js:739:3)
web_1 | [nodemon] app crashed - waiting for file changes before starting...

Commenting out this line that causes the error in express.js, there is a different issue:

web_1 | MongoError: database name must be a string
web_1 | at Function.create (/usr/src/app/node_modules/mongoose/node_modules/mongodb-core/lib/error.js:43:12)
web_1 | at validateDatabaseName (/usr/src/app/node_modules/mongoose/node_modules/mongodb/lib/operations/db_ops.js:696:22)
web_1 | at new Db (/usr/src/app/node_modules/mongoose/node_modules/mongodb/lib/db.js:180:3)
web_1 | at MongoClient.db (/usr/src/app/node_modules/mongoose/node_modules/mongodb/lib/mongo_client.js:268:14)
web_1 | at /usr/src/app/node_modules/mongoose/lib/connection.js:509:62
web_1 | at result (/usr/src/app/node_modules/mongoose/node_modules/mongodb/lib/utils.js:414:17)
web_1 | at executeCallback (/usr/src/app/node_modules/mongoose/node_modules/mongodb/lib/utils.js:406:9)
web_1 | at err (/usr/src/app/node_modules/mongoose/node_modules/mongodb/lib/operations/mongo_client_ops.js:286:5)
web_1 | at connectCallback (/usr/src/app/node_modules/mongoose/node_modules/mongodb/lib/operations/mongo_client_ops.js:241:5)
web_1 | at process.nextTick (/usr/src/app/node_modules/mongoose/node_modules/mongodb/lib/operations/mongo_client_ops.js:463:7)
web_1 | at process._tickCallback (internal/process/next_tick.js:61:11)
mongo_1 | 2019-07-07T19:47:13.220+0000 I NETWORK [conn2] end connection 172.18.0.3:34396 (0 connections now open)
web_1 | [nodemon] app crashed - waiting for file changes before starting...

uncommenting line 33 in server/config/config.template, there is again the same error about the database name

web_1 | MongoError: database name must be a string
web_1 | at Function.create (/usr/src/app/node_modules/mongoose/node_modules/mongodb-core/lib/error.js:43:12)
web_1 | at validateDatabaseName (/usr/src/app/node_modules/mongoose/node_modules/mongodb/lib/operations/db_ops.js:696:22)
web_1 | at new Db (/usr/src/app/node_modules/mongoose/node_modules/mongodb/lib/db.js:180:3)
web_1 | at MongoClient.db (/usr/src/app/node_modules/mongoose/node_modules/mongodb/lib/mongo_client.js:268:14)
web_1 | at /usr/src/app/node_modules/mongoose/lib/connection.js:509:62
web_1 | at result (/usr/src/app/node_modules/mongoose/node_modules/mongodb/lib/utils.js:414:17)
web_1 | at executeCallback (/usr/src/app/node_modules/mongoose/node_modules/mongodb/lib/utils.js:406:9)
web_1 | at err (/usr/src/app/node_modules/mongoose/node_modules/mongodb/lib/operations/mongo_client_ops.js:286:5)
web_1 | at connectCallback (/usr/src/app/node_modules/mongoose/node_modules/mongodb/lib/operations/mongo_client_ops.js:241:5)
web_1 | at process.nextTick (/usr/src/app/node_modules/mongoose/node_modules/mongodb/lib/operations/mongo_client_ops.js:463:7)
web_1 | at process._tickCallback (internal/process/next_tick.js:61:11)
mongo_1 | 2019-07-07T19:50:30.761+0000 I NETWORK [conn2] end connection 172.18.0.3:34408 (0 connections now open)
web_1 | [nodemon] app crashed - waiting for file changes before starting...

@exislow
Copy link

exislow commented Aug 6, 2019

I got the following (deprecation) warnings while installing. There are a lot of outdated packages. Is it possible that somebody fixes this?

I mean this is a nice boilerplate, but it is outdated :-(

npm WARN deprecated babel-preset-es2015@6.24.1: 🙌  Thanks for using Babel: we recommend using babel-preset-env now: please read https://babeljs.io/env to update!
npm WARN deprecated babel@6.23.0: In 6.x, the babel package has been deprecated in favor of babel-cli. Check https://opencollective.com/babel to support the Babel maintainers
npm WARN deprecated typings@2.1.1: Typings is deprecated in favor of NPM @types -- see README for more information
npm WARN deprecated bcrypt-nodejs@0.0.3: bcrypt-nodejs is no longer actively maintained. Please use bcrypt or bcryptjs. See https://github.com/kelektiv/node.bcrypt.js/wiki/bcrypt-vs-brypt.js to learn more about these two options
npm WARN deprecated graphql-server-express@1.4.0: This package has been renamed to 'apollo-server-express'.  Please update your dependencies!
npm WARN deprecated ejs@0.8.3: Critical security bugs fixed in 2.5.5
npm WARN deprecated hawk@3.1.3: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated formatio@1.2.0: This package is unmaintained. Use @sinonjs/formatio instead
npm WARN deprecated samsam@1.3.0: This package has been deprecated in favour of @sinonjs/samsam
npm WARN deprecated text-encoding@0.6.4: no longer maintained
npm WARN deprecated sendgrid@1.9.2: Please see v6.X+ at https://www.npmjs.com/org/sendgrid
npm WARN deprecated json3@3.3.2: Please use the native JSON object instead of JSON 3
npm WARN deprecated fs-promise@0.3.1: Use mz or fs-extra^3.0 with Promise Support
npm WARN deprecated hoek@2.16.3: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated boom@2.10.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated cryptiles@2.0.5: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated sntp@1.0.9: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated popsicle-proxy-agent@3.0.0: Use `agent` option with `popsicle` directly
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated socks@1.1.10: If using 2.x branch, please upgrade to at least 2.1.6 to avoid a serious bug with socket data flow and an import issue introduced in 2.1.0

[...]

npm WARN prepublish-on-install As of npm@5, `prepublish` scripts are deprecated.
npm WARN prepublish-on-install Use `prepare` for build steps and `prepublishOnly` for upload-only.
npm WARN prepublish-on-install See the deprecation note in `npm help scripts` for more information.

[...]

npm WARN mongoose-auto-increment@5.0.1 requires a peer of mongoose@^4.1.12 but none is installed. You must install peer dependencies yourself.
npm WARN gulp-babel@8.0.0 requires a peer of @babel/core@^7.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN sass-loader@6.0.5 requires a peer of webpack@^2.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN sinon-chai@2.10.0 requires a peer of chai@>=1.9.2 <4 but none is installed. You must install peer dependencies yourself.
npm WARN stats-webpack-plugin@0.6.0 requires a peer of webpack@^1.0||^2.1.0-beta||^2.2.0-rc but none is installed. You must install peer dependencies yourself.
npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN The package cross-env is included as both a dev and production dependency.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.9 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.9: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

added 1990 packages from 1883 contributors and audited 19897 packages in 351.09s
found 761 vulnerabilities (8 low, 14 moderate, 738 high, 1 critical)
  run `npm audit fix` to fix them, or `npm audit` for details

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@exislow @MWals @Demieno