bad sqlite3 version pinned in package.json

[kfo1182]

Summary

Postleaf requires sqlite3 node module, and it is pinned to version 3.1.8 - which is not available in binary, so it tries to build it - and fails, because of node_modules versions incompatibility. It would be nice to pin the sqlite3 version more loosely, e.g. with ^ operator, so that it could download i.e. [email protected] which downloads as a binary and is of the same semantic version.

Steps to Reproduce

1. Download the postleaf git repository, cd there.
2. Run npm install

Additional info

• Postleaf version: master branch as of 28 march 2018
• Node version: 9.9.0
• Affected browsers: not a browser problem
• Operating system: Ubuntu server 16.04.4

---

Note: This issue tracker is ONLY for bug reports and feature requests. If this is a personal support issue, please visit postleaf.org/support.

[claviska]

There’s no reason it should be pinned…not sure why it is. I’m happy to accept a PR if you’d like credit for the fix.

[kfo1182]

Oh, I don't care about credit! It would probably be much faster for you to do it.

[kfo1182]

The main problem seems to be that you ship postleaf with an old package-lock.json from some previous install. I mostly practice python, and a node.js newbie, but pretty sure you are not supposed to do that, since it overrides package.json and installs a retro snap of the requirements. When I rm package-lock.json everything gets npm installable.

But further down the set up I get an error, because the semantic version of gulp-sass pinned in package.json is incompatible with node.js >= v6. So I have to manually pin a newer version (^3.2.0 instead of ^2.3.2) for SASS to work.

And finally, there are some minor errors during gulp build. (Missing mixins in SCSS files, and some unresolved reference in bootstrap.js)

All this versioning needs some refactoring, which I can't help you with - for lack of competence in npm ecosystem, lack of big picture and lack of time. Always happy to report you practical feedback from running your sofrware. Thank you!

[karsasmus]

The npm will create a package-json.lock after each npm i.
If Cory wanted to pin the versions then there would be a npm-shrinkwrap.json.

Postleaf is tested with node 7 you're using node 9.9.0, so it's possible that you run into some failures...

[kfo1182]

My bad, I overlooked that node.js version is pinned in the install instructions. For now this issue is moot, and can be probably got back to when Postleaf supports current node releases.

[claviska]

Yeah, the package-lock.json file is intended to "lock" the packages at specific versions so you can guarantee every install will use the same versions. This file is typically commited to the repo.

I'm not sure why your build is failing. My dev and prod systems both had SQLite installed already. If yours didn't, that may be why. It could also be just an issue with the latest version of Node.

I'd like to bump the Node version to the most recent LTS, but I haven't had time to test things out and run an update.

[kfo1182]

I made a gist of how I managed to build and run Postleaf on my machine: https://gist.github.com/kfo1182/2b2c372b7ecb61dd4ba5b71862bab090

It's ok that Postleaf runs on specific generation of node, as far as it's mentioned in the README, but this very release is not the best idea, since node v7.x was plugged off support almost a year ago. Many people are afraid to run it. node v6.x (still supported LTS) would be better.
https://github.com/nodejs/Release#release-schedule

As a side note, you can kind of pin node version in the package.json with "engines" : { "node" : "~7.0.0" } but it is not enforced by default, only with npm config set engine-strict.

[kylechine]

Now the LTS nodejs version is 10.13.0. And Postleaf could not be installed with Node.js 10.13.0. Because the dependency of SQLite issue.