Potrzebna pomoc gulp

Question

Cześć, jestem tutaj nowy, dopiero zaczynam się uczyć, i już utknąłem jeszcze zanim zacząłem mam problem z instalacją gulp. Niby robię wszystko zgodnie z instrukcją, ale otrzymuje taki komunikat. Będę bardzo wdzięczny za pomoc. Dzięki!

Is this OK? (yes) yes
PS C:\Users\divi0\onedrive\pulpit\js\projekty> npm install --save-dev gulp

up to date, audited 352 packages in 3s

13 packages are looking for funding
  run `npm fund` for details

6 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

PS C:\Users\divi0\onedrive\pulpit\js\projekty> npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating glob-parent to 6.0.2, which is a SemVer major change.
npm WARN audit Updating glob-stream to 8.0.0, which is a SemVer major change.
npm WARN audit Updating chokidar to 3.5.3, which is a SemVer major change.
npm WARN audit Updating vinyl-fs to 4.0.0, which is a SemVer major change.
npm WARN audit Updating glob-watcher to 6.0.0, which is a SemVer major change.
npm WARN audit Updating gulp to 3.9.1, which is a SemVer major change.
npm WARN deprecated natives@1.1.6: This module relies on Node.js's internals and will break at some point. Do not use it, and update to graceful-fs@4.x.
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5

added 125 packages, removed 1 package, changed 6 packages, and audited 476 packages in 14s

20 packages are looking for funding
  run `npm fund` for details

# npm audit report

lodash  <=4.17.20
Severity: critical
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-4xc9-xhrj-v574
Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
fix available via `npm audit fix`
node_modules/lodash
  globule  <=1.1.0
  Depends on vulnerable versions of glob
  Depends on vulnerable versions of lodash
  Depends on vulnerable versions of minimatch
  node_modules/globule
    gaze  0.4.0 - 1.0.0
    Depends on vulnerable versions of globule
    node_modules/gaze
      glob-watcher  <=2.0.0
      Depends on vulnerable versions of gaze
      node_modules/gulp/node_modules/glob-watcher

lodash.template  <4.5.0
Severity: critical
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
fix available via `npm audit fix --force`
Will install gulp@4.0.2, which is a breaking change
node_modules/lodash.template
  gulp-util  >=1.1.0
  Depends on vulnerable versions of lodash.template
  node_modules/gulp-util
    gulp  2.4.0 - 3.9.1
    Depends on vulnerable versions of gulp-util
    Depends on vulnerable versions of semver
    Depends on vulnerable versions of vinyl-fs
    node_modules/gulp

minimatch  <=3.0.4
Severity: high
Regular Expression Denial of Service in minimatch - https://github.com/advisories/GHSA-hxm2-r34f-qmc5
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix --force`
Will install gulp@4.0.2, which is a breaking change
node_modules/globule/node_modules/minimatch
node_modules/gulp/node_modules/minimatch
  glob  3.0.0 - 5.0.14
  Depends on vulnerable versions of minimatch
  node_modules/globule/node_modules/glob
  node_modules/gulp/node_modules/glob
    glob-stream  0.2.0 - 5.2.0
    Depends on vulnerable versions of glob
    Depends on vulnerable versions of minimatch
    node_modules/gulp/node_modules/glob-stream
      vinyl-fs  <=1.0.0
      Depends on vulnerable versions of glob-stream
      Depends on vulnerable versions of glob-watcher
      node_modules/gulp/node_modules/vinyl-fs

semver  <5.7.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install gulp@4.0.2, which is a breaking change
node_modules/gulp/node_modules/semver

12 vulnerabilities (1 moderate, 7 high, 4 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

 

Answer 1

To nie jest błąd, to po prostu informacja, że niektóre zainstalowane zależności są potencjalnie niebezpieczne. Ale dopóki to odpalasz wyłącznie lokalnie u siebie, to nie ma się czym martwić.

Comments

To tak cos robie nie tak, bo jak chce zobaczyc wersje gulpa otrzymuje 

 

PS C:\Users\divi0\onedrive\pulpit\js\projekty> gulp --version
gulp : File C:\Users\divi0\AppData\Roaming\npm\gulp.ps1 cannot be loaded because running scripts is disabled on this sy
stem. For more information, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:1
+ gulp --version
+ ~~~~
    + CategoryInfo          : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess

no i w visual studio code nie pokazuje mi gulpa

---

To jest akurat problem z Windowsem/PowerShellem → https://stackoverflow.com/questions/16460163/ps1-cannot-be-loaded-because-the-execution-of-scripts-is-disabled-on-this-syste

---

@Comandeer, 

 

w visual studio code dostaje taki komunikat 

 

Automatyczne wykrywanie elementu gulp dla folderu {0} nie powiodło się z powodu błędu: {1}”, this.workspaceFolder.name, err.error ? err.error.toString(): „unknown
ReferenceError: primordials is not defined
    at fs.js:43:5
    at req_ (c:\Users\divi0\OneDrive\Pulpit\JS\Projekty\node_modules\natives\index.js:143:24)
    at Object.req [as require] (c:\Users\divi0\OneDrive\Pulpit\JS\Projekty\node_modules\natives\index.js:55:10)
    at Object.<anonymous> (c:\Users\divi0\OneDrive\Pulpit\JS\Projekty\node_modules\gulp\node_modules\graceful-fs\fs.js:1:37)
    at Module._compile (node:internal/modules/cjs/loader:1256:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1310:10)
    at Module.load (node:internal/modules/cjs/loader:1119:32)
    at Module._load (node:internal/modules/cjs/loader:960:12)
    at Module.require (node:internal/modules/cjs/loader:1143:19)
    at require (node:internal/modules/cjs/helpers:110:18)

Automatyczne wykrywanie elementu gulp dla folderu {0} nie powiodło się z powodu błędu: {1}”, this.workspaceFolder.name, err.error ? err.error.toString(): „unknown

 

---

Huh, ten błąd kojarzy mi się z wykorzystaniem zbyt nowej wersji Node'a (w moim wypadku było to 12 zamiast 10). Trochę mi to śmierdzi antycznym tutorialem.

---

Chyba tutaj trafiles w sedno, bo zakupilem kurs wprowadzajacy do Visual Studio Code, z (strefakursow) i wersje tam jakie uzywa sa stare. Czyli co sugerujesz ze powinienem zrobic?

---

Jeśli da się zwrócić, to bym spróbował zwrócić. Na udemy czy nawet na YT można znaleźć aktualniejsze kursy do VSC.

---

Spoko, dziekuje Ci slicznie, czyli rozumiem ze nie ma u mnie bledu? Tylko turtorial jest stary a wersje na ktorych obecnie pracuje za "nowe" w stosunku do turtoriala, stad te problemy?

---

Tak to wygląda, oprócz tego środkowego błędu z "gulp.ps1 cannot be loaded because running scripts is disabled on this system.", który jest spowodowany przez ustawienia systemu operacyjnego.

---

Oki, jeszcze raz dziekuje ;) Pojde, za Twoimi radami!