remy

remy

JavaScript (node + client side) developer with over 20 years experience. Contact me for any work or questions about JS I might be able to help you with.

Member Since 13 years ago

Left Logic / @leftlogic , Brighton, UK

Experience Points
7.1k
follower
Lessons Completed
6
follow
Lessons Completed
850
stars
Best Reply Awards
315
repos

2577 contributions in the last year

Pinned
⚡ Monitor for any changes in your node.js application and automatically restart the server - perfect for development
⚡ My b:log and all its content in plain (unabashed) text
⚡ Collaborative JavaScript Debugging App
⚡ A personal JSON store as a RESTful service
⚡ Web based console - for presentations and workshops
⚡ 🤖 A slack bot for retrospectives
Activity
Dec
7
12 hours ago
Activity icon
issue

remy issue comment remy/nodemon

remy
remy

Consider removing/replacing update-notifier

This is the dependency tree I got from installing nodemon in an empty project:

└─┬ [email protected]
  ├─┬ [email protected]
  │ ├─┬ [email protected]
  │ │ ├── [email protected] deduped
  │ │ └── [email protected]
  │ ├─┬ [email protected]
  │ │ └─┬ [email protected]
  │ │   └─┬ [email protected]
  │ │     └── [email protected]
  │ ├── [email protected]
  │ ├─┬ [email protected]
  │ │ └── [email protected] deduped
  │ ├─┬ [email protected]
  │ │ └── [email protected]
  │ ├─┬ [email protected]
  │ │ └── [email protected]
  │ ├── [email protected]
  │ └─┬ [email protected]
  │   └── [email protected] deduped
  ├─┬ [email protected]
  │ └── [email protected]
  ├── [email protected]
  ├─┬ [email protected]
  │ └─┬ [email protected]
  │   ├── [email protected]
  │   └── [email protected]
  ├── [email protected]
  ├── [email protected]
  ├─┬ [email protected]
  │ └── [email protected]
  ├─┬ [email protected]
  │ └─┬ [email protected]
  │   └── [email protected]
  ├── [email protected]
  └─┬ [email protected]
    ├─┬ [email protected]
    │ ├─┬ [email protected]
    │ │ └── [email protected] deduped
    │ ├── [email protected]
    │ ├── [email protected] deduped
    │ ├── [email protected]
    │ ├─┬ [email protected]
    │ │ ├── [email protected]
    │ │ ├── [email protected]
    │ │ └─┬ [email protected]
    │ │   └── [email protected]
    │ ├── [email protected]
    │ ├─┬ [email protected]
    │ │ └── [email protected] deduped
    │ └─┬ [email protected]
    │   ├── [email protected] deduped
    │   ├── [email protected] deduped
    │   └── [email protected] deduped
    ├─┬ [email protected]
    │ ├─┬ [email protected]
    │ │ └─┬ [email protected]
    │ │   └── [email protected]
    │ └─┬ [email protected]
    │   └── [email protected]
    ├─┬ [email protected]
    │ ├─┬ [email protected]
    │ │ └── [email protected]
    │ ├── [email protected]
    │ ├─┬ [email protected]
    │ │ └── [email protected]
    │ ├─┬ [email protected]
    │ │ └── [email protected]
    │ ├─┬ [email protected]
    │ │ ├── [email protected]
    │ │ ├── [email protected]
    │ │ ├── [email protected]
    │ │ └─┬ [email protected]
    │ │   └── [email protected] deduped
    │ └── [email protected] deduped
    ├── [email protected]
    ├── [email protected]
    ├─┬ [email protected]
    │ └── [email protected]
    ├─┬ [email protected]
    │ ├─┬ [email protected]
    │ │ └── [email protected]
    │ └── [email protected]
    ├── [email protected]
    ├── [email protected]
    ├─┬ [email protected]
    │ └─┬ [email protected]
    │   ├─┬ [email protected]
    │   │ ├── @sindresorhus/[email protected]
    │   │ ├─┬ @szmarczak/[email protected]
    │   │ │ └── [email protected]
    │   │ ├─┬ [email protected]
    │   │ │ ├─┬ [email protected]
    │   │ │ │ └── [email protected] deduped
    │   │ │ ├─┬ [email protected]
    │   │ │ │ └── [email protected] deduped
    │   │ │ ├── [email protected]
    │   │ │ ├─┬ [email protected]
    │   │ │ │ └── [email protected]
    │   │ │ ├── [email protected]
    │   │ │ ├── [email protected]
    │   │ │ └─┬ [email protected]
    │   │ │   └── [email protected] deduped
    │   │ ├─┬ [email protected]
    │   │ │ └── [email protected] deduped
    │   │ ├── [email protected]
    │   │ ├─┬ [email protected]
    │   │ │ └─┬ [email protected]
    │   │ │   ├─┬ [email protected]
    │   │ │   │ └── [email protected] deduped
    │   │ │   └─┬ [email protected]
    │   │ │     └── [email protected]
    │   │ ├── [email protected]
    │   │ ├── [email protected]
    │   │ ├── [email protected]
    │   │ ├── [email protected]
    │   │ └─┬ [email protected]
    │   │   └── [email protected]
    │   ├─┬ [email protected]
    │   │ └─┬ [email protected]
    │   │   ├── [email protected]
    │   │   ├── [email protected]
    │   │   ├── [email protected]
    │   │   └── [email protected]
    │   ├─┬ [email protected]
    │   │ └── [email protected] deduped
    │   └── [email protected]
    ├─┬ [email protected]
    │ └── [email protected]
    ├─┬ [email protected]
    │ └── [email protected]
    ├─┬ [email protected]
    │ └─┬ [email protected]
    │   └── [email protected]
    └── [email protected]

update-notifier pulls in more dependencies than the rest of nodemon.

I personally think that the drawbacks from keeping outweigh the benefits:

  1. The attack surface is increased, and having many dependencies makes it harder to vet the nodemon dependency tree.
    • Over the years, several vulnerability reports for nodemon dependencies have come from the update-notifier tree. Not all of the vulnerabilities affect nodemon, but again, it's not easy to immediately tell.
    • Dependency chain attacks are becoming more common.
    • Currently, npm outdated reports that about 70 requirements are at least 1 major version behind. I'm sure that some of the updates are not currently necessary, but perhaps they may soon.
  2. In the ~8 years since update-notifier was added, the ecosystem has improved visibility and handling of dependency updates. We have npm outdated and yarn upgrade-interactive, and npx nodemon without an explicit dependency will try to run the latest version by default.

Thoughts?

remy
remy

I don't disagree, but you're point (2) doesn't address what update notifier solves: automatic notification of upgrade.

All other solutions require the user to specifically ask whether there's an upgrade (potentially one that does fix a vuln).

I strongly believe that this project needs something like upgrade notifier, though I'm not convinced it requires that particular dep or any of it's complexity...

Dec
5
2 days ago
push

remy push remy/advent-of-code-solved

remy
remy

2021 day 4 b - jq - working in sample, but not correct

remy
remy

solved 2021 day 4 part b - jq

commit sha: d953653785d724e6e1f2aa7e17a5c050750afbc5

push time in 2 days ago
Dec
3
4 days ago
Dec
2
5 days ago
Nov
30
1 week ago
started
started time in 6 days ago
Activity icon
issue

remy issue comment remy/nodemon

remy
remy

Why is version in package.json 0.0.0-development?

I am a bit confused by this, is it some quirk used in the node.js/npm ecosystem that I haven't encountered yet and intended?

remy
remy

Yes, it is intended. It allows the code to make use of semantic releases: https://semantic-release.gitbook.io/semantic-release/

Activity icon
issue

remy issue remy/nodemon

remy
remy

Why is version in package.json 0.0.0-development?

I am a bit confused by this, is it some quirk used in the node.js/npm ecosystem that I haven't encountered yet and intended?

Nov
27
1 week ago
Activity icon
issue

remy issue remy/nodemon

remy
remy

write to stderr

  • Versions: 2.0.15
  • Linux

Nodemon outputs information to stdout during execution. Such as:

nodemon] 2.0.15
[nodemon] to restart at any time, enter `rs`
[nodemon] watching path(s): *.*
[nodemon] watching extensions: js,mjs,json
[nodemon] starting `node ./src/bin/server.js`

It's common to use pipelines during development and in production. Outputting to stdout forwards the lines to the next program in chain.

Expected behaviour

Nodemon should perhaps output to stderr, and let the user to decide if they would like to pass it onto the next program in chain.

Actual behaviour

Nodemon outputs to stdout.

Steps to reproduce

nodemon ./src/something.js | tee out.txt

here, the out.txt should only receive the output from the application being executed, and not the nodemon itself.

I can work on PR if you are interested.

Activity icon
issue

remy issue comment remy/nodemon

remy
remy

write to stderr

  • Versions: 2.0.15
  • Linux

Nodemon outputs information to stdout during execution. Such as:

nodemon] 2.0.15
[nodemon] to restart at any time, enter `rs`
[nodemon] watching path(s): *.*
[nodemon] watching extensions: js,mjs,json
[nodemon] starting `node ./src/bin/server.js`

It's common to use pipelines during development and in production. Outputting to stdout forwards the lines to the next program in chain.

Expected behaviour

Nodemon should perhaps output to stderr, and let the user to decide if they would like to pass it onto the next program in chain.

Actual behaviour

Nodemon outputs to stdout.

Steps to reproduce

nodemon ./src/something.js | tee out.txt

here, the out.txt should only receive the output from the application being executed, and not the nodemon itself.

I can work on PR if you are interested.

remy
remy

I tried hard to leave stderr alone to allow for user code to make use of it. Equally stdout for nodemon can be silenced using -q.

For anyone wanting to push all nodemon messaging through stderr they're able to require nodemon as a dep and reroute the messages.

If there was going to be a PR, it should let a config option (which means adding help text, defaults and checking it works in the required method too) that would put logging on stderr (and would need tests) - I don't think it's a small PR, but if it's written properly I'd be happy to merge.

I'm going to close this issue for now (as I've answered the original points), and don't mind either way if you want to take a shot at a pr 👍

Nov
25
1 week ago
Activity icon
issue

remy issue comment Orange-OpenSource/hurl

remy
remy

"* Closing connection 0" on all requests

I suspect this is related somehow to libcurl, but on every request I make I get * Closing connection 0 on stderr.

I'm on macOS Big Sur, 11.5.2 (20G95). hurl is a new installation (1.4.0). Are there any tips on how I would solve this?

I've noticed that running a plain curl on the url doesn't show the same * Closing connection 0.

remy
remy

Cheers - though the work around does also swallow the error reports for legit errors (like the assert failure I posted previously gets swallowed). I can live with a line on stderr for the time being :)

Activity icon
issue

remy issue comment Orange-OpenSource/hurl

remy
remy

"* Closing connection 0" on all requests

I suspect this is related somehow to libcurl, but on every request I make I get * Closing connection 0 on stderr.

I'm on macOS Big Sur, 11.5.2 (20G95). hurl is a new installation (1.4.0). Are there any tips on how I would solve this?

I've noticed that running a plain curl on the url doesn't show the same * Closing connection 0.

remy
remy

Freshly installed from repo and same thing:

/Users/remy/.cargo/bin/hurl ~/Desktop/test.hurl
error: Assert Status
  --> /Users/remy/Desktop/test.hurl:4:8
   |
 4 | HTTP/* 201
   |        ^^^ actual value is <200>
   |

* Closing connection 0
Activity icon
issue

remy issue comment Orange-OpenSource/hurl

remy
remy

"* Closing connection 0" on all requests

I suspect this is related somehow to libcurl, but on every request I make I get * Closing connection 0 on stderr.

I'm on macOS Big Sur, 11.5.2 (20G95). hurl is a new installation (1.4.0). Are there any tips on how I would solve this?

I've noticed that running a plain curl on the url doesn't show the same * Closing connection 0.

remy
remy

Just initially posting the otool bits you asked for - I'm going to get on with the rust install and see if I can build from scratch too and test.

$ otool -L /usr/bin/curl
/usr/bin/curl:
	/usr/lib/libcurl.4.dylib (compatibility version 7.0.0, current version 9.0.0)
	/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.11)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1292.120.1)

$ /usr/local/bin/hurl:
	/usr/lib/libcurl.4.dylib (compatibility version 7.0.0, current version 9.0.0)
	/usr/lib/libxml2.2.dylib (compatibility version 10.0.0, current version 10.9.0)
	/usr/lib/libiconv.2.dylib (compatibility version 7.0.0, current version 7.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1281.100.1)
	/usr/lib/libresolv.9.dylib (compatibility version 1.0.0, current version 1.0.0)
Activity icon
issue

remy issue Orange-OpenSource/hurl

remy
remy

"* Closing connection 0" on all requests

I suspect this is related somehow to libcurl, but on every request I make I get * Closing connection 0 on stderr.

I'm on macOS Big Sur, 11.5.2 (20G95). hurl is a new installation (1.4.0). Are there any tips on how I would solve this?

I've noticed that running a plain curl on the url doesn't show the same * Closing connection 0.

Nov
24
1 week ago
started
started time in 1 week ago
Nov
22
2 weeks ago
Nov
21
2 weeks ago
Nov
19
2 weeks ago
push

remy push remy/nodemon

remy
remy

chore: update supporters

[skip ci]

remy
remy

Merge branch 'main' of github.com:remy/nodemon

  • 'main' of github.com:remy/nodemon: ci(release): workflow uses 'npm' cache (#1933) ci(node.js): workflow uses 'npm' cache (#1934) docs: Fix typo in faq.md (#1950)

commit sha: 242f9f7b4ff476fc78308b800a7ef48a6453f694

push time in 2 weeks ago
Nov
18
2 weeks ago
Activity icon
issue

remy issue comment remy/nodemon

remy
remy

add note to readme with example showing how to watch any file extension

Hi, love the project.

Ended up finding this answer on SO, so figured it might be good to explicitly make a note in the readme for future nodemoners.

  • Update readme explaining how to watch all file types, with example.
remy
remy

Sorry I'm late to reply to this. I think this is better suited to the FAQ rather than the readme, if you want to update it there then I'll merge in for you. Thanks so much.

push

remy push remy/nodemon

remy
remy

ci(release): workflow uses 'npm' cache (#1933)

[skip ci]

commit sha: 53422afb61c0e3a0e242d5a4073abf61380ab8aa

push time in 2 weeks ago
pull request

remy pull request remy/nodemon

remy
remy

ci(release): workflow uses 'npm' cache

push

remy push remy/nodemon

remy
remy

ci(node.js): workflow uses 'npm' cache (#1934)

[skip ci]

commit sha: 581c6410b75969eb1982cf6daa74c567d2521b6e

push time in 2 weeks ago
pull request

remy pull request remy/nodemon

remy
remy

ci(node.js): workflow uses 'npm' cache

push

remy push remy/nodemon

remy
remy

docs: Fix typo in faq.md (#1950)

[skip ci]

commit sha: cb1c8b9b81d780814d01f1b66c70107744fd6da5

push time in 2 weeks ago
pull request

remy pull request remy/nodemon

remy
remy

docs: Fix typo in faq.md

Hello, I`ve remove the redundant word in the documentation

Fix typo: the the -> the

Activity icon
issue

remy issue comment remy/nodemon

remy
remy

Watch .cjs files by default

"By default, nodemon looks for files with the .js, .mjs, .coffee, .litcoffee, and .json"

This seems like madness! : )

In an ES6 project I often have to use a .cjs file here or there. If nodemon is watching .mjs files by default why not .cjs files?

remy
remy

Space not the = symbol separates the arguments IIRC

Activity icon
issue

remy issue comment remy/nodemon

remy
remy

nodemon does not restart server, stuck on ---> [nodemon] restarting due to changes...

  • Versions:
  • nodemon -v:2.0.15
  • Operating system/terminal environment (powershell, gitshell, etc): [email protected], [email protected] / Git Bash
  • Using Docker? What image: No
  • Command you ran: npm start

Expected behaviour

Expected behavior is nodemon restarting the server after saving changes in the js/json files.

server.js file

const http = require('http');

const server = http.createServer((req, res) => {
  res.setHeader('Content-type', 'text/plain');
  res.write('Hello');
  res.end();
});

const PORT = 3000

server.listen(PORT, () => console.log(`Server is running on port ${PORT}`));

package.json

{
  "name": "nodejs",
  "version": "1.0.0",
  "description": "learn HTTP",
  "main": "server.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1",
    "start": "nodemon server.js"
  },
  "repository": {
    "type": "git",
    "url": "git+https://github.com/JoeyFlaum/Node.js.git"
  },
  "author": "",
  "license": "ISC",
  "bugs": {
    "url": "https://github.com/JoeyFlaum/Node.js/issues"
  },
  "homepage": "https://github.com/JoeyFlaum/Node.js#readme",
  "devDependencies": {
    "nodemon": "^2.0.15"
  }
}

Actual behaviour

$ npm start

> [email protected] start
> nodemon server.js

[nodemon] 2.0.15
[nodemon] to restart at any time, enter `rs`
[nodemon] watching path(s): *.*
[nodemon] watching extensions: js,mjs,json
[nodemon] starting `node server.js`
Server is running on port 3000
[nodemon] restarting due to changes...
[nodemon] restarting due to changes...
[nodemon] restarting due to changes...
[nodemon] restarting due to changes...
[nodemon] restarting due to changes...
[nodemon] restarting due to changes...
[nodemon] restarting due to changes...
[nodemon] restarting due to changes...
[nodemon] restarting due to changes...
[nodemon] restarting due to changes...

Steps to reproduce

  1. Start the server with npm start command.

  2. save either the package.json file or server.js file

  3. nodemon does not restart the server.


If applicable, please append the --dump flag on your command and include the output here ensuring to remove any sensitive/personal details or tokens.

> [email protected] start
> nodemon --dump server.js

[nodemon] 2.0.15
[nodemon] to restart at any time, enter `rs`
[nodemon] watching path(s): *.*
[nodemon] watching extensions: js,mjs,json
--------------
node: v16.13.0
nodemon: 2.0.15
command: C:\Program Files\nodejs\node.exe D:\Joey\WebDev\NodeJs\node_modules\nodemon\bin\nodemon.js --dump server.js   
cwd: D:\Joey\WebDev\NodeJs
OS: win32 x64
--------------
{
  run: false,
  system: { cwd: 'D:\\Joey\\WebDev\\NodeJs' },
  required: false,
  dirs: [ 'D:\\Joey\\WebDev\\NodeJs' ],
  timeout: 1000,
  options: {
    dump: true,
    ignore: [
      '**/.git/**',
      '**/.nyc_output/**',
      '**/.sass-cache/**',
      '**/bower_components/**',
      '**/coverage/**',
      '**/node_modules/**',
      re: /.*.*\/\.git\/.*.*|.*.*\/\.nyc_output\/.*.*|.*.*\/\.sass\-cache\/.*.*|.*.*\/bower_components\/.*.*|.*.*\/coverage\/.*.*|.*.*\/node_modules\/.*.*/
    ],
    watch: [ '*.*', re: /.*\..*/ ],
    monitor: [
      '*.*',
      '!**/.git/**',
      '!**/.nyc_output/**',
      '!**/.sass-cache/**',
      '!**/bower_components/**',
      '!**/coverage/**',
      '!**/node_modules/**'
    ],
    ignoreRoot: [
      '**/.git/**',
      '**/.nyc_output/**',
      '**/.sass-cache/**',
      '**/bower_components/**',
      '**/coverage/**',
      '**/node_modules/**'
    ],
    restartable: 'rs',
    colours: true,
    execMap: { py: 'python', rb: 'ruby', ts: 'ts-node' },
    stdin: true,
    runOnChangeOnly: false,
    verbose: false,
    signal: 'SIGUSR2',
    stdout: true,
    watchOptions: {},
    execOptions: {
      script: 'server.js',
      exec: 'node',
      args: [],
      scriptPosition: 0,
      nodeArgs: undefined,
      execArgs: [],
      ext: 'js,mjs,json',
      env: {}
    }
  },
  load: [Function (anonymous)],
  reset: [Function: reset],
  lastStarted: 0,
  loaded: [],
  watchInterval: null,
  signal: 'SIGUSR2',
  command: {
    raw: { executable: 'node', args: [ 'server.js' ] },
    string: 'node server.js'
  }
}
--------------
remy
remy

Yes, but with the restart loop happening ... I'm assuming it's still a problem?

Previous