无法判断 Node 16 NPM 8 调用是成功还是失败

Cannot tell whether Node 16 NPM 8 invocation is succeeding or failing

Node 和 NPM 的新手并尝试使用 babylon.js。我安装了 NVM 并使用 nvm use 16 切换到 Node 16。然后我通过 npm install -g npm@8.7.0 升级了 NPM。到目前为止一切顺利。

然后,正如文档所说,我尝试安装 Babylon 模块:

npm install babylonjs --save

但是这个命令的输出是:

npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated html-webpack-plugin@3.2.0: 3.x is no longer supported
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.

added 952 packages, removed 4 packages, changed 31 packages, and audited 1162 packages in 34s

87 packages are looking for funding
  run `npm fund` for details

21 vulnerabilities (8 moderate, 12 high, 1 critical)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

我希望看到一条友好的消息,内容如下:

"The babylonjs modules have been successfully installed"

这是您使用成熟的构建系统(例如 Maven 或 Gradle 时会收到的消息类型。或者,如果它失败了,我希望看到 一些东西,比如:

"Failure: NPM failed to install the modules because of X"

但是 相反 我看到一堆令人不安的 versioning/security(检测到漏洞)警告和一条消息:

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

这给我留下了一些不安的感觉。这里的主要问题是:命令是否成功?是否安装了babylonjs模块?他们安装正确了吗?我怎么知道?我的当前目录还是空的...

但是,顺便说一句:我需要关注所有这些警告吗?他们是否阻止了 babylonjs 模块的正确安装?

使用 Maven 或 Gradle,它会告诉您(一目了然)您的 CLI 调用是失败还是成功,但此输出两者都不是。

别担心,安装确实发生了,从外观上看,它是成功的。

你所看到的其他一切都是 npm 生态系统的相互联系和广阔的结果。顶部的警告指的是 babylon.js 的嵌套依赖项,可能已被弃用以支持其他模块。你对此无能为力。

但是,如果您感觉非常热心,并且您知道作者的库依赖于这些已弃用的库,您可以要求他们(很好地)发布他们的包的新版本,而没有那些已弃用的包;然后请作者babylon.js(再一次,很好地)将他们的依赖项升级到那些作者发布的版本。


tl;博士

有关漏洞的警告,然后是修复它们的命令 (npm audit fix) 可能是您为了安全可以做的最多的事情。 运行命令并继续你的工作。