Is this project no longer going to be maintained?

[BradNut]

Obviously there have been no commits to this repo in a long time but even cloning and deploying to Heroku no longer works as some dependencies in npmjs 404. If there is no plan to maintain the repo then shouldn't it be marked as such?

[exogen]

Which dependencies 404? I don't think any npm dep should ever 404 since they're supposed to be immutable.

It's more that there's not much left to do on this project besides bumping dependencies or a major refactor. Otherwise, all the features I need exist.

[BradNut]

I forked the project and tried just straight pointing Heroku at the repository and I had an issue when it tried to build. Maybe I am just doing it wrong since I didn't see any example for deploying to Heroku.
The following output:

-----> Building on the Heroku-20 stack
-----> Node.js app detected
-----> Creating runtime environment
       NPM_CONFIG_LOGLEVEL=error

       USE_YARN_CACHE=true

       NODE_VERBOSE=false

       NODE_ENV=production

       NODE_MODULES_CACHE=true

       

-----> Installing binaries

       engines.node (package.json):  >=8.10.0

       engines.npm (package.json):   >=5.2.0

       engines.yarn (package.json):  unspecified (use default)

       

       Resolving node version >=8.10.0...

       Downloading and installing node 15.11.0...

       Bootstrapping npm >=5.2.0 (replacing 7.6.0)...

       npm >=5.2.0 installed

       Resolving yarn version 1.22.x...

       Downloading and installing yarn (1.22.10)

       Installed yarn 1.22.10

       

-----> Installing dependencies

       Installing node modules (yarn.lock)

       yarn install v1.22.10

       [1/4] Resolving packages...

       [2/4] Fetching packages...

       error An unexpected error occurred: "https://registry.yarnpkg.com/event-stream/-/event-stream-3.3.6.tgz: Request failed \"404 Not Found\"".

       info If you think this is a bug, please open a bug report with the information provided in "/tmp/build_bcb8e13d/yarn-error.log".

       info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

-----> Build failed

       

       We're sorry this build is failing! You can troubleshoot common issues here:

       https://devcenter.heroku.com/articles/troubleshooting-node-deploys

       

       Some possible problems:

       

       - Dangerous semver range (>) in engines.node

         https://devcenter.heroku.com/articles/nodejs-support#specifying-a-node-js-version

       

       Love,

       Heroku

       

 !     Push rejected, failed to compile Node.js app.

 !     Push failed

[exogen]

It looks to just be unlucky that a vulnerable version of event-stream was captured in the dependencies: https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident

Although I'm a bit confused at how that could happen since there's no lockfile or anything in this repo that would be specifying that specific of a version. Maybe a subdep species a specific version?

[exogen]

I can look into modernizing the dependencies a bit tonight to get around this.

[BradNut]

Ok yeah that may be helpful. I was looking through the dependencies locally and trying to update but obviously the person who wrote it would be quicker haha.

[BradNut]

@exogen Were you able to look into modernizing the dependencies?

[exogen]

I ran into some difficulties upgrading, but for now an easy workaround was to reset the lockfile completely and reinstall, letting everything re-resolve while keeping the same version specifiers in package.json.

So things are still fairly out of date, but it should be installable now! I'm working on the upgrade issues.