Roots Discourse

What version of Node should I use

When I run yarn after the first install of the Sage theme I always get a lot of warnings etc.

I currently have:

  • node v12.22.6
  • yarn v1.22.17
  • npm v6.14.15

I just want to know whats the optimum versions to develop locally with Bedrock and Sage

I should say I only use the basic install composer commands:

composer create-project roots/bedrock

and

composer create-project roots/sage

And when I run yarn I get this…

warning browser-sync > socket.io > debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
warning browser-sync > socket.io > engine.io > debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
warning browser-sync > socket.io > socket.io-parser > debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
warning browsersync-webpack-plugin > webpack-hot-middleware > querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
warning browsersync-webpack-plugin > bs-html-injector > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning browsersync-webpack-plugin > bs-html-injector > jsdom > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning browsersync-webpack-plugin > bs-html-injector > request > har-validator@5.1.5: this library is no longer supported
warning browsersync-webpack-plugin > bs-html-injector > request > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
warning browsersync-webpack-plugin > bs-html-injector > dom-compare-temp > xmldom@0.1.16: Deprecated due to CVE-2021-21366 resolved in 0.5.0
warning copy-globs-webpack-plugin > chokidar@1.7.0: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning copy-globs-webpack-plugin > chokidar > fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
warning copy-globs-webpack-plugin > chokidar > readdirp > micromatch > snapdragon > source-map-resolve > resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
warning copy-globs-webpack-plugin > chokidar > readdirp > micromatch > snapdragon > source-map-resolve > urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
warning css-loader > cssnano > autoprefixer > browserslist@1.7.7: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
warning css-loader > cssnano > postcss-merge-rules > browserslist@1.7.7: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
warning css-loader > cssnano > postcss-merge-rules > caniuse-api > browserslist@1.7.7: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
warning css-loader > cssnano > postcss-svgo > svgo@0.7.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
warning css-loader > cssnano > postcss-minify-selectors > postcss-selector-parser > flatten@1.0.3: flatten is deprecated in favor of utility frameworks such as lodash.
warning cssnano > cssnano-preset-default > postcss-svgo > svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
warning eslint > file-entry-cache > flat-cache > circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
warning eslint-loader@4.0.2: This loader has been deprecated. Please use eslint-webpack-plugin
warning extract-text-webpack-plugin@3.0.2: Deprecated. Please use https://github.com/webpack-contrib/mini-css-extract-plugin
warning imagemin-mozjpeg > mozjpeg > bin-build > tempfile > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
warning imagemin-webpack-plugin > imagemin-svgo > svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
warning imagemin-webpack-plugin > babel-runtime > core-js@2.6.12: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.
warning node-sass > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning node-sass > node-gyp > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning resolve-url-loader > rework > css > urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
warning stylelint > @stylelint/postcss-markdown@0.36.2: Use the original unforked package instead: postcss-markdown
warning uglifyjs-webpack-plugin > uglify-es@3.3.9: support for ECMAScript is superseded by `uglify-js` as of v3.13.0
warning webpack > watchpack > watchpack-chokidar2 > chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning webpack > watchpack > watchpack-chokidar2 > chokidar > fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
warning webpack > node-libs-browser > url > querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
warning webpack-dev-middleware > webpack-log > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
[3/5] 🚚  Fetching packages...
[4/5] 🔗  Linking dependencies...
warning " > autoprefixer@10.4.0" has unmet peer dependency "postcss@^8.1.0".
warning " > eslint-loader@4.0.2" has incorrect peer dependency "eslint@^6.0.0 || ^7.0.0".
warning " > eslint-loader@4.0.2" has incorrect peer dependency "webpack@^4.0.0 || ^5.0.0".
warning " > file-loader@6.2.0" has incorrect peer dependency "webpack@^4.0.0 || ^5.0.0".
warning " > postcss-loader@4.3.0" has incorrect peer dependency "webpack@^4.0.0 || ^5.0.0".
warning " > postcss-loader@4.3.0" has unmet peer dependency "postcss@^7.0.0 || ^8.0.1".
warning " > sass-loader@6.0.7" has incorrect peer dependency "node-sass@^4.0.0".
warning " > stylelint-webpack-plugin@0.10.5" has incorrect peer dependency "stylelint@^8.0.0".
warning " > stylelint-webpack-plugin@0.10.5" has incorrect peer dependency "webpack@^1.13.2 || ^2.7.0 || ^3.11.0 || ^4.4.0".
warning " > url-loader@4.1.1" has incorrect peer dependency "webpack@^4.0.0 || ^5.0.0".

I can run yarn start and it all works but feel like I could be missing out on a better development process if I didn’t have all those warnings?

Thoughts…?
Any help would be gratefully received :slight_smile:

I prefer using node LTS, there are multiple major version branches.

Use a node version manager like nvm with a .nvmrc file to lock the known working node version in.

1 Like

Will using node LTS v16 help with all those warnings?

3 Likes