Previous attempt failed by design of `npm pack` / `npm publish`,
as documented at https://docs.npmjs.com/cli/v6/configuring-npm/package-lock-json :
> One key detail about package-lock.json is that it cannot be published,
> and it will be ignored if found in any place other than the toplevel
> package. It shares a format with npm-shrinkwrap.json, which is
> essentially the same file, but allows publication.
>
> This is not recommended unless deploying a CLI tool or otherwise using
> the publication process for producing production packages.
, and we are a CLI tool. Switching to shrinkwrap.
They were used a long time ago, then I scrapped them for simplicity to
new contributors. I'm re-considering this and re-introducing one, for
two (maybe three) reasons:
1. Reading on supply chain attacks
2. Build broken because of a dep change (see previous commit broken
because of a change in yargs @ 17.1.0)
(3.) Performance
```
npm WARN deprecated @types/loglevel@1.6.3: This is a stub types definition. loglevel provides its own type definitions, so you do not need this installed.
npm WARN deprecated @types/electron-packager@15.0.1: This is a stub types definition. electron-packager provides its own type definitions, so you do not need this installed.
```
Also, add `@types/debug` necessary to fix build, as already done by
@TheCleric in https://github.com/nativefier/nativefier/pull/1230/files
Also, for all deps, bump minimum version to current version
* Catch promise errors better
* Move subFunctions to bottom of createNewWindow
* Use parents when creating child BrowserWindow instances
* Some about:blank pages have an anchor (for some reason)
* Inject browserWindowOptions better
* Interim refactor to MainWindow object
* Split up the window functions/helpers/events some
* Further separate out window functions + tests
* Add a mock for unit testing functions that access electron
* Add unit tests for onWillPreventUnload
* Improve windowEvents tests
* Add the first test for windowHelpers
* Move WebRequest event handling to node
* insertCSS completely under test
* clearAppData completely under test
* Fix contextMenu require bug
* More tests + fixes
* Fix + add to createNewTab tests
* Convert createMainWindow back to func + work out gremlins
* Move setupWindow away from main since its shared
* Make sure contextMenu is handling promises
* Fix issues with fullscreen not working + menu refactor
* Run jest against app/dist so that we can hit app unit tests as well
* Requested PR changes
* Add strict typing; tests currently failing
* Fix failing unit tests
* Add some more eslint warnings and fixes
* More eslint fixes
* Strict typing on (still issues with the lib dir)
* Fix the package.json import/require
* Fix some funky test errors
* Warn -> Error for eslint rules
* @ts-ignore -> @ts-expect-error
* Add back the ext code I removed
* Catch promise errors better
* Move subFunctions to bottom of createNewWindow
* Use parents when creating child BrowserWindow instances
* Some about:blank pages have an anchor (for some reason)
* Inject browserWindowOptions better
* Interim refactor to MainWindow object
* Split up the window functions/helpers/events some
* Further separate out window functions + tests
* Add a mock for unit testing functions that access electron
* Add unit tests for onWillPreventUnload
* Improve windowEvents tests
* Add the first test for windowHelpers
* Move WebRequest event handling to node
* insertCSS completely under test
* clearAppData completely under test
* Fix contextMenu require bug
* More tests + fixes
* Fix + add to createNewTab tests
* Convert createMainWindow back to func + work out gremlins
* Move setupWindow away from main since its shared
* Make sure contextMenu is handling promises
* Fix issues with fullscreen not working + menu refactor
* Run jest against app/dist so that we can hit app unit tests as well
* Requested PR changes
* Catch promise errors better
* Move subFunctions to bottom of createNewWindow
* Use parents when creating child BrowserWindow instances
* Some about:blank pages have an anchor (for some reason)
* Inject browserWindowOptions better
* Interim refactor to MainWindow object
* Split up the window functions/helpers/events some
* Further separate out window functions + tests
* Add a mock for unit testing functions that access electron
* Add unit tests for onWillPreventUnload
* Improve windowEvents tests
* Add the first test for windowHelpers
* Move WebRequest event handling to node
* insertCSS completely under test
* clearAppData completely under test
* Fix contextMenu require bug
* More tests + fixes
* Fix + add to createNewTab tests
* Convert createMainWindow back to func + work out gremlins
* Move setupWindow away from main since its shared
* Make sure contextMenu is handling promises
It contains a weird mix of stuff and hides valuable files from view at the root of the repo. Better to have:
- Docs at the root
- Rest of the github/release-related hodgepodge (screenshots, scripts) in hidden folder .github
We don't need a fancy _"portable (Windows/Linux/macOS) implementation
of Unix shell commands on top of the Node.js API"_, we just want to run
a simple script. Replacing with using stdlib `child_process.spawnSync`.
Thinking about it again, the user-friendlier `a.x` syntax has one disadvantage
over `^a.b.c`: it doesn't force deps upgrades when they upgrade Nativefier.
`a.x` is fine on initial install, but a user with an insecure dep
(e.g. axios 0.19.0) will _not_ get fixed axios 0.21.1 on upgrading Nativefier.
-> Come back to `a.x` everywhere.
Still not introducing package locks, they're too confusing to new devs.
See https://github.com/nativefier/nativefier/pull/1099#issuecomment-761250232
Rationale for nonsensical major version bump: around Nativefier 8.x,
versions of Nativefier and Electron aligned, by release schedule coincidence.
Since Nativefier has little breaking changes, it was great: as Electron
releases are breaking, Nativefier had no breaking changes, I bumped our
major version on new major Electron, and everything was good.
Except *now*, as I have a breaking change, that would bump Nativefier to
12.x, which would be confusing since we'd still default to Electron 11 :-/ .
-> To keep respecting semver and reduce confusion, bumping Nativefier
version to something far ahead. No it doesn't matter, version
number are meaningless anyway (well, outside of semver, whose
respect is precisely the point here).
I noticed that the development README suggested using multiple console
windows/tabs for a good development experience. Using the package `concurrently`,
we can streamline that and require only one window with output for both watch processes:
Co-authored-by: Ronan Jouchet <ronan@jouchet.fr>
1. Fix (broken since 2016): Notifications broken by lambda constructor
2. Fix: `--processEnvs` broken by additional processEnvs object, the result was:
`processEnvs: {processEnvs: {...}}` which caused the conversion of the inner object into string `[object Object]`, no nesting allowed there probably. Compatibility introduced.
3. Fix: package.json missing `prepare` (or even prepublish), which breaks using as git dependency.
As documented in https://github.com/jiahaog/nativefier/issues/923#issuecomment-599300317 ,
- #923 is caused by installing placeholder app deps at nativefier
*install* time, with yarn (8.0.2) or npm (8.0.3). This is new in
Nativefier 8.x, for the motivations behind it, see
https://github.com/jiahaog/nativefier/pull/898#issuecomment-583865045
- During testing, I did test global installs, but never to a
system / non-user-writable path (my `$npm_config_prefix` is set to
`"$HOME/.node_modules"`)
- But without such a config and when installing globally to a
non-user-writable/system path with `sudo npm i -g nativefier`,
- Installation of nativefier core works...
- ... but then `postinstall` tries to do its job of installing
app deps, and fails in various OS-dependent ways, but all about
access rights.
I suspect that, although main nativefier install runs as `su` with
access rights to system paths, `postinstall` scripts are run *out*
of `su`.
That would make sense for security reasons: out of hook scripts,
npm knows exactly what will be touched in your filesystem: it's the
static contents of the published tarball; a postinstall script with
sudo rights could do nasty dynamic stuff. So, although I don't see
any mention of that in
[npm-scripts docs / hooks](https://docs.npmjs.com/misc/scripts#hook-scripts)
and I haven't dug npm/cli's code, I can understand it.
So, reverting back to `webpack`ing the placeholder app, as done pre-8.0.
## Breaking changes
- Require **Node >= 8.10.0 and npm 5.6.0**
- Move to **Electron 8.1.1**.
- That's it. Lots of care went into breaking CLI & programmatic behavior
as little as possible. **Please report regressions**.
- Known issue: build may fail behind a proxy. Get in touch if you use one:
https://github.com/jiahaog/nativefier/issues/907#issuecomment-596144768
## Changes summary
Nativefier didn't get much love recently, to the point that it's
becoming hard to run on recent Node, due to old dependencies.
Also, some past practices now seem weird, as better expressible
by modern JS/TS, discouraging contributions including mine.
Addressing this, and one thing leading to another, came a
bigger-than-expected revamp, aiming at making Nativefier more
**lean, stable, future-proof, user-friendly and dev-friendly**,
while **not changing the CLI/programmatic interfaces**. Highlights:
- **Require Node>=8**, as imposed by many of our dependencies. Node 8
is twice LTS, and easily available even in conservative Linux distros.
No reason not to demand it.
- **Default to Electron 8**.
- **Bump** all dependencies to latest version, including electron-packager.
- **Move to TS**. TS is great. As of today, I see no reason not to use it,
and fight interface bugs at runtime rather than at compile time.
With that, get rid of everything Babel/Webpack.
- **Move away from Gulp**. Gulp's selling point is perf via streaming,
but for small builds like Nativefier, npm tasks are plenty good
and less dependency bloat. Gulp was the driver for this PR: broken
on Node 12, and I didn't feel like just upgrading and keeping it.
- Add tons of **verbose logs** everywhere it makes sense, to have a
fine & clear trace of the program flow. This will be helpful to
debug user-reported issues, and already helped me fix a few bugs.
- With better simple logging, get rid of the quirky and buggy
progress bar based on package `progress`. Nice logging (minimal
by default, the verbose logging mentioned above is only used
when passing `--verbose`) is better and one less dependency.
- **Dump `async` package**, a relic from old callback-hell early Node.
Also dump a few other micro-packages unnecessary now.
- A first pass of code **cleanup** thanks to modern JS/TS features:
fixes, simplifications, jsdoc type annotations to types, etc.
- **Remove GitHub integrations Hound & CodeClimate**, which are more
exotic than good'ol'linters, and whose signal-to-noise ratio is too low.
- Quality: **Add tests** and add **Windows + macOS CI builds**.
Also, add a **manual test script**, helping to quickly verify the
hard-to-programatically-test stuff before releases, and limit regressions.
- **Fix a very small number of existing bugs**. The goal of this PR was
*not* to fix bugs, but to get Nativefier in better shape to do so.
Bugfixes will come later. Still, these got addressed:
- Add common `Alt`+`Left`/`Right` for previous/next navigation.
- Improve #379: fix zoom with `Ctrl` + numpad `+`/`-`
- Fix pinch-to-zoom (see https://github.com/jiahaog/nativefier/issues/379#issuecomment-598612128 )
