Install fails on Win10, Node 8.11.3 LTS

[rmalayter]

Seems like a regression of issue #81: installation is broken on a fully patched Windows 10 running the latest LTS release of node (8.11.3 LTS).

npm install -g adapt-cli again seems to be pulling in a very old version of nodegit (0.16.0), which fails to install.

error log at: adapt-cli_install_err_20180810.txt

[rmalayter]

npm install -g nodegit in the exact same environment succeeds, resulting in [email protected].

However this doesn't let npm install -g adapt-cli succeed, as seems to be locked to the old version of nodegit.

[moloko]

please could you try npm install -g adapt-cli@next? it's the new version which hopefully will solve this plus add a bunch of new features - see #93

[rmalayter]

Now this is weird... I looked at package.json in the master branch, and saw a recent version bump to 2.0.6, which has a newer nodegit dependency.

npm install -g [email protected] did succeed.

However 2.0.5 is marked as "latest" in npm, and there are also 2.0.7 and 2.0.8 versions listed in npm which are not in the Github repository at all.

Why is 2.0.6 not the default version for npm install -g adapt-cli? Latest is still pinned to a (broken) 2.0.5.

Even more worrisome, there are 2.0.7 and 2.0.8 versions in npm with no corresponding commits in the GitHUb repo.

What is going on? Did someone get their npm credentials compromised as with eslint?

[rmalayter]

looks like we crossed comments... see above. Seeing 2.0.7 and 2.0.8 in npm version history but nothing referencing those in GitHub is very scary considering the eslint npm compromise a few weeks back.

[moloko]

we've been a bit slow about adding support for node v8, sorry. very few people work full time on the project, most just donate what spare time they have available.

[rmalayter]

Thanks !

npm install -g adapt-cli@next succeed with + [email protected].

I'm just getting started with adapt, and hope to contribute in the future if it is a fit for us (I work for an elearning provider).

Is there are reason these latest versions aren't in the main Github repo? Given what happened with eslint, shouldn't master be up to date with whatever is @latest in npm, and develop track to whatever is @next in npm? Publishing npm versions from a side repository is sort of scary.

[moloko]

you'll see 2.0.7 if you look in #93

not sure about 2.0.8 - am doing this on phone so not easy to check, unlikely to be npm account compromise

[rmalayter]

Should I leave issue open until you get a chance to investigate? 2.0.8-6 is what I'm seeing from npm. Seems like there's something strange afoot.

[moloko]

Seems like there's something strange afoot.

Nope probably just a versioning mistake on the part of the developer who's been doing the updates, have a look at the package.json history and you'll see what I mean

To give you a little bit of background, the person who originally developed the adapt-cli no longer has any time to donate to the project, so we (Kineo) have asked one of our colleagues to step in and pick this up - naturally there's a bit of a learning curve for him to overcome as well as quite a lot of work to get through given how long this has remaining unmaintained.

If he's working from his own repo then it's either because he doesn't have permissions on the main repo - or just that he worked from his own out of force of habit. I don't think he originally intended to publish anything to npm from his own repo but then he found out about the @next feature of npm and clearly decided to give that a try so as it make it easy for others to grab the latest version to test it.

(that said, your point about npm security is well made, that's something we will look into to ensure the account is properly locked down)

If you're happy that the new version solves your issue then I think it's fine to close this.

[rmalayter]

Thanks!