New to Node and NPM and trying to play around with babylon.js. I installed NVM and switched to Node 16 using nvm use 16. Then I upgraded NPM via npm install -g npm@8.7.0. So far so good.
Then, just like the docs say, I attempt to install the Babylon modules:
npm install babylonjs --save
However the output for this command is:
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated html-webpack-plugin@3.2.0: 3.x is no longer supported
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
added 952 packages, removed 4 packages, changed 31 packages, and audited 1162 packages in 34s
87 packages are looking for funding
run `npm fund` for details
21 vulnerabilities (8 moderate, 12 high, 1 critical)
To address all issues, run:
npm audit fix
Run `npm audit` for details.
I would expect to see a friendly message that says something like:
"The babylonjs modules have been successfully installed"
That's the type of message you'd get using a mature build system such as Maven or Gradle. Or, if it failed, I'd expect to see something like:
"Failure: NPM failed to install the modules because of X"
But instead I see a bunch of unsettling versioning/security (vulnerabilities detected) warnings and a message that reads:
To address all issues, run:
npm audit fix
Run `npm audit` for details.
This leaves me with several unsettling feelings. The main question here is: Did the command succeed? Are the babylonjs modules installed? Did they install correctly? How can I tell? My current directory is still empty...
However, as an aside: do I need to be concerned about all of these warnings? Did they prevent the babylonjs modules from installing properly?
With Maven or Gradle, it will tell you (clear as day) whether your CLI invocation failed or succeeded, but this output is neither.
Don't worry, the installation did occur and from the looks of it, it was successful.
Everything else you are seeing is as a result of the interconnectedness and vastness of the npm ecosystem. The warnings at the top refer to nested dependencies of babylon.js, which may have been deprecated in favour of other modules. There is nothing you can do about this.
However, if you are feeling very keen and you know the authors whose libraries depend on these deprecated ones, you can ask them (nicely) to release new versions of their package without those deprecated packages; Then ask the authors babylon.js (once again, nicely) to upgrade their dependencies to the version released by those authors.
The warnings about vulnerabilities, followed by the command (npm audit fix) to fix them is probably the most you can do just to be safe. Run the command and continue your work.