@Timothee @datafruits @Nick_M Hey guys, when you get the chance, could you try running through the steps in the updated dev setup readme for the player @boopboop’s been working on? We just want to be sure it makes sense.
See: readme updates by whatSocks · Pull Request #103 · resonatecoop/stream · GitHub
(@Nick_M, ping me on telegram if you want further assistance setting things up locally)
Here are the issues I ran into my first time around:
update readme branch: GitHub - whatSocks/stream at readme-updates-2
When you get set up, please test:
update - readme-updates-2 branch has been rebased with the latest updates to the player. Still need some volunteers to try to follow the instructions on their machines.
@Nick_M When you have time did you want to give this one a whirl? Would be a good entry point to getting more into development if you’re interested 
Okies!
Build was successful and player ran locally using @boopboop’s new readme instructions. 
There were a couple of deprecated package warnings:
har-validator and request packages are deprecated. Are they actually used anywhere in stream?
uuid@3.4.0 deprecated - I did an npm install uuid@8.3.2 (latest), but I guess it’s still using the old one?
I cloned the repo fine with HTTPS:
git clone https://github.com/resonatecoop/stream.git
…but as usual for me, SSH did not work. This is what I was trying to do:
git clone git@github.com:resonatecoop/stream.git …but I kept getting bad permissions
SSH Setup was to
- Host git@github.com:resonatecoop
UseKeychain yes
AddKeysToAgent yes
IdentityFile ~/.ssh/id_
Lerna:
Many deprecated package warnings with lerna bootstrap …possibly compounded by an old node lockfile issue… but it seems all the warnings can be ignored?
I was expecting something to break because of the
.env file line:
OAUTH_HOST=https://id.resonate.localhost
…rather than pointing to a real ID server…
…but all seemed to run OK. Haven’t tried the login yet though.
can you post the deprecation warnings? What version of node are you using?
This is what I get on lerna bootstrap
➜ stream git:(development) ✗ lerna bootstrap
info cli using local version of lerna
lerna notice cli v3.22.1
lerna info versioning independent
lerna info bootstrap root only
removed 39 packages, changed 1 package, and audited 2466 packages in 52s
112 packages are looking for funding
run `npm fund` for details
57 vulnerabilities (18 low, 28 moderate, 11 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
I also don’t have a lockfile at the project’s root, so I’m wondering how you got one
➜ stream git:(development) ✗ ls
CHANGELOG.md CONTRIBUTING.md README.md docker-compose.yml embed nginx.conf package.json
CODE_OF_CONDUCT.md LICENSE beta docs lerna.json node_modules packages
Thanks @boopboop:
node -v
v14.15.1
npm -v
7.24.1
lsb_release -cdir
Distributor ID: Ubuntu
Description: Ubuntu 21.04
Release: 21.04
Codename: hirsute
(upgraded node to latest before starting)
My lerna bootstrap:
lerna bootstrap
lerna notice cli v4.0.0
lerna info versioning independent
lerna info bootstrap root only
npm WARN deprecated flatten@0.0.1: flatten is deprecated in favor of utility frameworks such as lodash.
npm WARN deprecated mkdirp-promise@5.0.1: This package is broken and no longer maintained. 'mkdirp' itself supports promises now, please switch to that.
npm WARN deprecated flatten@1.0.3: flatten is deprecated in favor of utility frameworks such as lodash.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated flat@1.0.0: Fixed a prototype pollution security issue in flat, please upgrade to ^1.6.2 or ^5.0.1.
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated mkdirp@0.3.5: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated ecstatic@3.3.2: This package is unmaintained and deprecated. See the GH Issue 259.
npm WARN deprecated ecstatic@4.1.4: This package is unmaintained and deprecated. See the GH Issue 259.
npm WARN deprecated core-js@2.6.12: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.
added 2314 packages, and audited 2350 packages in 2m
113 packages are looking for funding
run `npm fund` for details
57 vulnerabilities (18 low, 28 moderate, 11 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
How did I get a lockfile? Strangely I was warned it was created by an earlier version of npm or missing, so I followed instructions to ‘create’ or force it: npm i --package-lock-only
I don’t think package-lock.json is necessarily in the top level - there are instances in the node_modules subdirs:
/home/nick/development/resonate/stream/node_modules/babel-code-frame/package-lock.json
/home/nick/development/resonate/stream/node_modules/babel-helper-define-map/package-lock.json
/home/nick/development/resonate/stream/node_modules/babel-helper-regex/package-lock.json
/home/nick/development/resonate/stream/node_modules/babel-plugin-transform-es2015-block-scoping/package-lock.json
/home/nick/development/resonate/stream/node_modules/babel-plugin-transform-regenerator/package-lock.json
/home/nick/development/resonate/stream/node_modules/babel-polyfill/package-lock.json
/home/nick/development/resonate/stream/node_modules/babel-register/package-lock.json
/home/nick/development/resonate/stream/node_modules/babel-runtime/package-lock.json
/home/nick/development/resonate/stream/node_modules/babel-template/package-lock.json
/home/nick/development/resonate/stream/node_modules/babel-traverse/package-lock.json
/home/nick/development/resonate/stream/node_modules/babel-types/package-lock.json
/home/nick/development/resonate/stream/node_modules/browser-pack-flat/example/package-lock.json
/home/nick/development/resonate/stream/node_modules/nanoanimation/package-lock.json
/home/nick/development/resonate/stream/node_modules/npm-normalize-package-bin/package-lock.json
This is what I have now in stream:
ls
beta CONTRIBUTING.md embed nginx.conf packages
CHANGELOG.md docker-compose.yml lerna.json node_modules README.md
CODE_OF_CONDUCT.md docs LICENSE package.json
I’m on node -v v16.9.1 and am getting less issues than you are, but if you can run things on v14.15.1 with warnings, maybe there’s no issue and we’re overthinking it. The readme should be more explicit on what it means by ‘latest’ though.
I did researching the interaction of lerna and lock files to try to run npm audit - basically lerna is barely getting updates so we shouldn’t hold our breath waiting for lerna team to add support for npm audit. If we want to find out what needs updating, we’d have to go package by package and check. The solution for this that I saw brought up over and over was to write a script that automates this. One team even built lerna-audit - npm ! I did try using lerna-audit but it didn’t fix the issue. I also didn’t try that hard, so maybe it’s a solution.
But if the app runs, then perhaps there’s no issue? Aside from the chore of checking dependencies?
regarding the OAUTH_HOST: I’m not even including this variable in my env and nothing seems to break. But once the big switch occurs we should revisit this.
@Nick_M could you try logging in and create / edit a playlist as a final test? And also see if these tags show up when you click on the search field?
@developers We’re all pretty busy atm, but if anyone wants to chat about non-epic dev work, here’s a room . Otherwise see you guys in a few hours for the player/website epic wrap up.
This is still the thread https://github.com/resonatecoop/stream#readme points to.
Is this the best place to receive interested dev contributors?
Seems a little dead up top… (a call to a meeting that quit happening 6 months ago).
Does someone have a better place to point that readme link to?
It seems that the wording preceding the link implies that it links to the Platform section of this forum. Not sure if that’s the best spot, but it would probably be better than linking to this specific thread. If I remember correctly, this tripped me up when I was first getting involved, so it would probably be good to amend/change that link.
@piper I’m rusty with git and don’t want to edit the readme file live.
Do you mind updating the [forum] link given in line 40 to https://community.resonate.is/c/platform/l/latest?board=default ?
