Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Future? #19

Open
crisward opened this issue May 1, 2018 · 13 comments
Open

Future? #19

crisward opened this issue May 1, 2018 · 13 comments

Comments

@crisward
Copy link
Contributor

crisward commented May 1, 2018

We use then jade in our websites as it gives us the ability to call async functions from our templates
ie

- var menuitems = getMenuFromDatabase()

Are there any plans to update this library? It's currently tripping the node security plugin with this - https://nodesecurity.io/advisories/39 for the uglify js dependency.

Thanks!
@crisward
Copy link
Contributor Author

crisward commented May 1, 2018

BTW should of said - updating to uglify-js >=2.6.0 fixes the security issue.

@ForbesLindesay
Copy link
Member

It's looking for a maintainer at the moment. If your interested, dependencies need updating and it needs to be renamed to then-pug. The biggest job will be that it needs porting to call the low level pug pipeline modules (i.e. pug-lexer, pug-parser, pug-load, pug-linker etc.). If you submit pull requests to do those things, i can add you as a maintainer and you'll be able to publish new versions etc.

@jeromew
Copy link
Contributor

jeromew commented May 10, 2018

@ForbesLindesay, note that then-pug already exists in npm - https://www.npmjs.com/package/then-pug. I ported it a while ago but it was waiting out-of-beta status of pugjs and a discussion on the pug-code-gen babel AST port.

cf issue "rewrite code-gen using babel" - pugjs/pug#2708
the current implementation of code-gen using babel, which I used to port then-jade to then-pug is here : https://github.com/jeromew/pug/tree/master/packages/pug-code-gen

I am interested in your feedback on issue 2708 to know if this direction for code-gen is still something you'd like to pursue now that pugjs is out of beta.

@crisward I will look at the upgrade the uglify version on then-jade but will not work on then-jade anymore - I consider it EOL now that I have a working then-pug version. Feel free

@crisward
Copy link
Contributor Author

@jeromew I'll keep my eyes open for then-pug being finalised. Thanks for the update and your work on this.

@jeromew
Copy link
Contributor

jeromew commented May 10, 2018

@crisward I just published 2.4.4 with uglify-js on 2.4.24 (same as in your PR). Tell me if it works for you.

@crisward
Copy link
Contributor Author

Thanks for your help on this. I installed 2.4.4 and I still get the security errors.

[email protected] > [email protected] > [email protected]  
[email protected] > [email protected] > [email protected] > [email protected] 
[email protected] > [email protected] > [email protected] > [email protected]

However if I install from git+https://[email protected]/crisward/then-jade.git which doesn't have the ~ it installs the specified version of uglify and passes. I'm guessing node must resolve to the most compatible version with the various dependencies.

BTW I did the usual routine of deleting my package-lock.json file and ./node_modules/ folder prior to running npm install and running nsp for both your version and my git fork. For some reason I also got [email protected] without changing anything but the uglify version (which I really don't understand).

@jeromew
Copy link
Contributor

jeromew commented May 12, 2018

your problem seems to come from the dependencies of jade 1.11.0. The issue has already been discussed for instance pugjs/pug#2399 and pugjs/pug#2072.

I will speak under @ForbesLindesay's scrutiny, but within the pugjs project, the choice was made at this stage to not publish new versions of jade and jade subprojects because we do not want to maitain them as pug is already production ready.

regarding then-jade, I already use then-pug in production code and it works without a flaw imho. I added warnings to the npm project because the way then-pug was coded is not totally streamlined.

someone has decided to publish and updated jade version under https://www.npmjs.com/package/jade-legacy. This version would fix your issue.

maybe I can suggest that you create a new then-jade-legacy project that would use jade-legacy as a dependency instead of jade. it would fix your issues and you would be fully autonomous for future dependency upgrades.

tell me what you think.

@ForbesLindesay
Copy link
Member

@jeromew can you update this repo to have the code for then-pug? I would like to get then-jade deprecated if then-pug is useable (which by the sounds of things, it is).

@jeromew
Copy link
Contributor

jeromew commented Jun 4, 2018

@ForbesLindesay yes it works. I'll see how to organise the repo to use the pug babel branch.

@crisward
Copy link
Contributor Author

crisward commented Jun 5, 2018
edited
Loading

Also noticed it uses lots of babel stuff to make generators possible (via regenerator). This could probably be dropped now these are supported in node?

@BananaAcid
Copy link

Sooo ... is this alive?

@jeromew
Copy link
Contributor

jeromew commented Dec 20, 2019

it currently works. I still have difficulties to find a good way to organise the repo in order to keep it simple to stay in sync with upstream.

@BananaAcid
Copy link

BananaAcid commented Dec 20, 2019
edited
Loading

I saw an update of Pug from 6 month ago - is there anything missing in then-pug compared to pug?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jeromew @ForbesLindesay @BananaAcid @crisward