Deprecated warnings during initial install of Sailsjs on Windows 7

[SilverPaladin]

Sails version: 0.12.4
Node version: 4.4.7
NPM version: 2.15.8
Operating system: Windows 7 Pro 64bit

---

Installing on windows 7 64 bit with the command:
npm -g install sails
produces the following:

> node ./lib/preinstall_npmcheck.js

Sails.js Installation: Checking npm-version successful
npm WARN deprecated native-or-bluebird@1.1.2: 'native-or-bluebird' is deprecated. Please use 'any-promise' instead.
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated lodash@2.4.1: lodash@<3.0.0 is no longer maintained. Upgrade to lodash@^4.0.0.
npm WARN deprecated cross-spawn-async@2.2.4: cross-spawn no longer requires a build toolchain, use it instead!

[sailsbot]

Hi @SilverPaladin! It looks like you missed a step or two when you created your issue. Please edit your comment (use the pencil icon at the top-right corner of the comment box) and fix the following:

• Provide your Sails version
• Provide your Node version
• Provide your NPM version
• Provide your Operating system
• Verify "I am experiencing a concrete technical issue (aka a bug) with Sails (ideas and feature proposals should follow the guide for proposing features and enhancements (http://bit.ly/sails-feature-guide), which involves making a pull request). If you're not 100% certain whether it's a bug or not, that's okay--you may continue. The worst that can happen is that the issue will be closed and we'll point you in the right direction."
• Verify "I am not asking a question about how to use Sails or about whether or not Sails has a certain feature (please refer to the documentation(http://sailsjs.org), or post on http://stackoverflow.com, our Google Group (http://bit.ly/sails-google-group) or our live chat (https://gitter.im/balderdashy/sails)."
• Verify "I have already searched for related issues, and found none open (if you found a related closed issue, please link to it in your post)."
• Verify "My issue title is concise, on-topic and polite ("jst.js being removed from layout.ejs on lift" is good; "templates dont work" or "why is sails dumb" are not so good)."
• Verify "I have tried all the following (if relevant) and my issue remains:"
• Verify "I can provide steps to reproduce this issue that others can follow."

As soon as those items are rectified, post a new comment (e.g. “Ok, fixed!”) below and we'll take a look. Thanks!

If you feel this message is in error, or you want to debate the merits of my existence (sniffle), please contact inquiries@treeline.io.

[SilverPaladin]

Ok, fixed!

[abisz]

Did you test if the installation was successful? For me the log message just looks like a bunch of warnings that can be ignored.

[SilverPaladin]

Yes everything works. The minmatch seems like a security issue however. Seeing a bunch of warnings during install somehow does not inspire confidence. :)

[mikermcneil]

@SilverPaladin re security issue: We're using minimatch as a dev dependency, via Grunt. So luckily, the vulnerable code path never touches production Sails apps. For a detailed breakdown, see: http://blog.sailsjs.org/post/146087338282/node-security-advisory-for-socketio-v146-and Since updating grunt-sync has caused usability issues and race conditions with other plugins in the past, we're trying to be really careful about bumping any Grunt dependency until we've seen it work perfectly on our own projects for a few weeks. We haven't gotten there yet.

Re perception: totally understand. Since it's a purely aesthetic thing, it's super low on the priority list, but I'm chipping away at it when I have time. Like @abisz said, you can ignore the deprecation warnings. We keep a close eye on security advisories (we're using Sails.js for all of our own critical production systems, fwiw), and if anything pops up, we deal with it ASAP. More background on that here and here.

Thanks!

[mikermcneil]

(btw I think I nabbed the lodash one this morning w/ balderdashy/sails-build-dictionary@4723474 -- haven't gone through and given it another pass yet to see what shows up)

[sailsbot]

@SilverPaladin,@sailsbot,@abisz,@mikermcneil: Hello, I'm a repo bot-- nice to meet you!

It has been 30 days since there have been any updates or new comments on this page. If this issue has been resolved, feel free to disregard the rest of this message and simply close the issue if possible. On the other hand, if you are still waiting on a patch, please post a comment to keep the thread alive (with any new information you can provide).

If no further activity occurs on this thread within the next 3 days, the issue will automatically be closed.

Thanks so much for your help!

[Sid6555]

I just installed sails and got these warnings on my cmd.

npm WARN deprecated native-or-bluebird@1.1.2: 'native-or-bluebird' is deprecated . Please use 'any-promise' instead.
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated lodash@2.4.1: lodash@<3.0.0 is no longer maintained. Upgrade to lodash@^4.0.0.
npm WARN deprecated cross-spawn-async@2.2.4: cross-spawn no longer requires a bu ild toolchain, use it instead!

From the posts above looks like we can continue to create a project. But just not sure why are these older versions still used and what are the implications. Or should they be updated.

[mikermcneil]

Hey @Sid6555 I understand your concern.

But just not sure why are these older versions still used and what are the implications.

See balderdashy/sails-docs@32305e4 (and the two linked threads) for some more background info.

[mikermcneil]

@Sid6555 @SilverPaladin btw re:

Or should they be updated.

Definitely-- they're confusing and scary to folks who are getting started with Sails, plus they make it hard to actually see any real problems. Expect to see all of them cleared out when we release Sails v1.0 later this year. And if I ever forget about all of this pain, and use npm deprecate on any of the Sails core packages in the future, please feel free to remind me about this moment and chide me profusely. 🐙

[sailsbot]

@SilverPaladin,@sailsbot,@abisz,@mikermcneil,@Sid6555: Hello, I'm a repo bot-- nice to meet you!

It has been 30 days since there have been any updates or new comments on this page. If this issue has been resolved, feel free to disregard the rest of this message and simply close the issue if possible. On the other hand, if you are still waiting on a patch, please post a comment to keep the thread alive (with any new information you can provide).

If no further activity occurs on this thread within the next 3 days, the issue will automatically be closed.

Thanks so much for your help!