This repository has been archived by the owner on Jan 25, 2024. It is now read-only.

A "moderate severity vulnerability" and a few warnings during conversion #310

Closed
fogelfish opened this issue Mar 14, 2021 · 3 comments

Describe the bug

I tested parabeac on a simple mobile screen in Sketch. I'm really impressed with the conversion and very excited by your project. I'll continue with more complex screens. But, as it is, I think this is amazingly clean, even with the warnings issued by the "dart parabeac.dart" command output, below:

To Reproduce

Steps to reproduce the behavior:

  1. Run the dart parabeac.dart -p command. It started with these errors.

$ dart parabeac.dart -p /Users/brianfogel/Sites/TestBed.sketch -n playground
audited 537 packages in 1.876se and its dependencies

43 packages are looking for funding
run npm fund for details

found 1 moderate severity vulnerability
run npm audit fix to fix them, or npm audit for details
[====] Installed Sketch Asset Converter dependencies
npm WARN sketch-assets-converter@1.0.0 No repository field.
npm WARN sketch-assets-converter@1.0.0 No license field.

/Users/brianfogel/Sites/parabeac-core/pb-scripts/install.sh: line 38: pub: command not found
/Users/brianfogel/Sites/parabeac-core/pb-scripts/install.sh: line 42: 80977 Killed: 9 spin $* (wd: ~/Sites/parabeac-core)

The important part of the above output was moderate severity vulnerability. The suggested fix did not work:

$ npm audit fix
npm ERR! code EAUDITNOPJSON
npm ERR! audit No package.json found: Cannot audit a project without a package.json

npm ERR! A complete log of this run can be found in:
npm ERR! /Users/brianfogel/.npm/_logs/2021-03-14T00_39_17_989Z-debug.log

Further into the command output was this warning:

warning: failed to load external entity "tempout.xml"

What is the "tempout.xml" file? Is it important or useful and what happens if it can't be loaded?

The command output finished with this warning:

lib/main.dart: Warning: Interpreting this as package URI, 'package:parabeac_core/main.dart'.
Unhandled exception:
ProcessException: No such file or directory
Command: dartfmt -w /Users/brianfogel/Sites/playground/bin /Users/brianfogel/Sites/playground/lib /Users/brianfogel/Sites/playground/test
#0 _ProcessImpl._runAndWait (dart:io-patch/process_patch.dart:476:7)
#1 _runNonInteractiveProcessSync (dart:io-patch/process_patch.dart:619:18)
#2 Process.runSync (dart:io-patch/process_patch.dart:66:12)
#3 FlutterProjectBuilder.convertToFlutterProject (package:parabeac_core/generation/flutter_project_builder/flutter_project_builder.dart:153:15)

#4 Controller.convertFile (package:parabeac_core/controllers/controller.dart:55:5)

#5 SketchController.convertFile (package:parabeac_core/controllers/sketch_controller.dart:37:5)

The project's lib folder is /Users/brianfogel/Sites/playground/lib. What does this warning mean? Did this cut off the conversion process?

I opened the converted files in my IDE

Impact of the problem

I'm not sure what the impact of these warnings and error was, but I'm providing them in case they're useful.

Environment:

  • MacOS Big Sur 11.2
  • fish shell 3.20
  • nvm 0.37.2
  • node v14.16.0
  • IntelliJ Ultimate 2020.3
  • Dart 2.12.0
  • Flutter 2.0.1

Additional comments/context:

It would be nice if the documentation talked more about the proper way to locate the 'parabeac-core' folder in relation to an existing flutter project folder. What if I already have identically named folders and dart files? Would parabeac overwrite them?

I located the 'parabeac-core' repo folder one folder above an existing project directory ('playground') to see what it would do. It modified my project's main.dart file by replacing the body of void main() {}.

void main() {
  runApp(
    MultiProvider(
      providers: [],
      child: MyApp(),
    ),
  );
}

Previously it was:

void main() {
  runApp(HomePage());
}

That's not so bad in this case but it could have been much worse and the documentation should talk about this. It also created a new folder and file hierarchy under lib.

screens
└ page_1
  └ sign_in.dart

In hindsight it did that because 'Sign in' is under 'Page 1' in my Sketch file, but what if that folder and file hierarchy had already existed? Would parabeac have overwritten them?

I had to make very minor edits to the converted flutter and dart code. I'm running with null safety and luckily the auto_size_text package has a pre-release null safe version and provider is null safe. There were some spelling oddities that in hindsight I can see were due to how I named layers and elements in Sketch. I did not use <> annotation in the layer or element names to help with the conversion. For now I just wanted to see what would happen to a file conversion without me making any changes to it. Thank you for this project.

@fogelfish fogelfish added the bug Something isn't working label Mar 14, 2021
@ivan-015
Collaborator

ivan-015 commented Mar 14, 2021

Hi @fogelfish thanks for this well-documented issue!

We'll definitely address the npm vulnerability suggestions and look into the .xml missing file 🤔

Regarding the failed dartfmt command, this command simply serves to format the output of parabeac-core so you don't have to manually run the command or format the code through an IDE. My assumption is that the dart command could not be found, since the path in the command seems to be correct, but I'll look into this issue. My suggestion would be to try to run that exact same command through your terminal to see if it also fails the same way it does for parabeac-core. Fortunately, this particular error does not affect the output, since by this point the output has already been generated; it just means it was unable to be formatted.

The additional comments are also super useful. Currently, parabeac-core does overwrite the existing files if there are naming collisions, and I can definitely see that being a problem. I'll make a separate issue for adding a prompt for the user to confirm overwriting files if the project name and file names are the same as a previously existing project.

Finally, it seems like you're using Provider. We currently have support for State Management, including Provider. Feel free to check it out in the State Management Basics section of our wiki. Feel free to give us feedback on the output in our Discord server!

@fogelfish
Author

@ivan-015 it looks like parabeac was looking in these directories for dartfmt.

dartfmt -w /Users/brianfogel/Sites/playground/bin /Users/brianfogel/Sites/playground/lib /Users/brianfogel/Sites/playground/test

In my system the dartfmt binary is located at `/Users//flutter/flutter/bin/cache/dart-sdk/bin`. This isn't in my $PATH however, because I never run dart binaries from the command line. Anyway, it was a minor inconvenience to have to format the converted files from my IDE.

That's great that you'll add a prompt for the user to confirm overwriting files. Would it be too much to present the choice between doing this on a per-project basis or a file-by-file basis?
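An added example (not parabeac-core's own code) of the overwrite confirmation discussed in the two comments above: it finds naming collisions before anything is written and supports one prompt per project or one per file. `OverwritePolicy`, `findCollisions` and `writeGenerated` are hypothetical names, and the sample project in `main` is constructed.

```dart
import 'dart:io';

/// How to treat generated files that already exist in the target project.
enum OverwritePolicy { skipExisting, askPerProject, askPerFile }

/// Returns the relative paths in [relPaths] that already exist under [root].
List<String> findCollisions(Directory root, Iterable<String> relPaths) =>
    relPaths.where((p) => File('${root.path}/$p').existsSync()).toList();

/// Writes [generated] (relative path -> contents) under [root] and returns the
/// paths actually written. [confirm] receives the question to put to the user.
List<String> writeGenerated(Directory root, Map<String, String> generated,
    OverwritePolicy policy, bool Function(String question) confirm) {
  final collisions = findCollisions(root, generated.keys).toSet();
  var overwriteAll = false;
  if (policy == OverwritePolicy.askPerProject && collisions.isNotEmpty) {
    overwriteAll = confirm('Overwrite ${collisions.length} existing file(s)?');
  }
  final written = <String>[];
  generated.forEach((rel, contents) {
    if (collisions.contains(rel)) {
      final ok = policy == OverwritePolicy.askPerFile
          ? confirm('Overwrite $rel?')
          : overwriteAll;
      if (!ok) return; // leave the user's existing file untouched
    }
    File('${root.path}/$rel')
      ..createSync(recursive: true)
      ..writeAsStringSync(contents);
    written.add(rel);
  });
  return written;
}

void main() {
  // Constructed sample: a project that already has its own lib/main.dart.
  final root = Directory.systemTemp.createTempSync('playground_');
  File('${root.path}/lib/main.dart')
    ..createSync(recursive: true)
    ..writeAsStringSync('void main() { runApp(HomePage()); }\n');
  final generated = {
    'lib/main.dart': 'void main() { /* generated */ }\n',
    'lib/screens/page_1/sign_in.dart': '// generated screen\n',
  };
  final written = writeGenerated(root, generated, OverwritePolicy.askPerFile,
      (q) { stdout.writeln('$q -> no'); return false; });
  stdout.writeln('written: $written'); // only the new screen file
  root.deleteSync(recursive: true);
}
```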

@ivan-015
Collaborator

ivan-015 commented Mar 15, 2021

@fogelfish, interesting. Adding the dart directory to your PATH should solve this issue but let us know if it doesn't!

We've created issues for a confirmation prompt that we plan on solving this week. Feel free to check out the Project for this week's sprint and our Discord if you want more updates, hope to see you there!
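An added example (not parabeac-core's own code) of a formatter call that survives the failure in this thread: it looks for `dartfmt` on PATH, then beside the running `dart` executable, and reports a missing or failing formatter instead of letting `ProcessException` escape. `findTool` and `formatOutput` are hypothetical names, the sibling-directory lookup is an assumption about the SDK layout, and the paths in `main` are constructed.

```dart
import 'dart:io';

/// Looks for [tool] on PATH first, then beside the running `dart` executable.
/// Returns null when it is in neither place.
String? findTool(String tool) {
  final sep = Platform.isWindows ? ';' : ':';
  final dirs = [
    ...(Platform.environment['PATH'] ?? '').split(sep),
    // Assumption: the SDK's other tools sit next to the `dart` binary.
    File(Platform.resolvedExecutable).parent.path,
  ];
  for (final dir in dirs.where((d) => d.isNotEmpty)) {
    final candidate = File('$dir${Platform.pathSeparator}$tool');
    if (candidate.existsSync()) return candidate.path;
  }
  return null;
}

/// Formats [dirs] in place with `-w`, as the command in the stack trace does.
/// Returns false, and never throws, when the formatter is missing or fails.
bool formatOutput(List<String> dirs, {String tool = 'dartfmt'}) {
  final exe = findTool(tool);
  if (exe == null) {
    stderr.writeln('warning: $tool not found; output left unformatted');
    return false;
  }
  try {
    final result = Process.runSync(exe, ['-w', ...dirs]);
    if (result.exitCode != 0) stderr.writeln(result.stderr);
    return result.exitCode == 0;
  } on ProcessException catch (e) {
    stderr.writeln('warning: could not run $exe: ${e.message}');
    return false;
  }
}

void main() {
  // Constructed paths standing in for the generated project's folders.
  final ok =
      formatOutput(['playground/bin', 'playground/lib', 'playground/test']);
  stdout.writeln(ok ? 'formatted' : 'generation finished, formatting skipped');
}
```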

@ivan-015 ivan-015 moved this from To do to Blocked in Sprint - Pandora Mar 19, 2021