Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

node-copy-paste breaks on android (termux) #3837

Closed
brysgo opened this issue Jan 17, 2018 · 14 comments · Fixed by xavi-/node-copy-paste#62
Closed

node-copy-paste breaks on android (termux) #3837

brysgo opened this issue Jan 17, 2018 · 14 comments · Fixed by xavi-/node-copy-paste#62
Labels
tag: underlying tools

Comments

@brysgo
Copy link

brysgo commented Jan 17, 2018

When trying to create a new CRA project on android, node-copy-paste causes a crash because of a platform check.
@brysgo brysgo mentioned this issue Jan 17, 2018
Merged
@brysgo
Copy link
Author

brysgo commented Jan 17, 2018

Confirmed with yarn link that the above PR fixes this.

@gaearon
Copy link
Contributor

gaearon commented Jan 17, 2018

How do we use node-copy-paste?

@brysgo
Copy link
Author

brysgo commented Jan 17, 2018

Not sure, I can investigate when I get some time.

@Timer
Copy link
Contributor

Timer commented Jan 17, 2018 

JHaddad@W10LJHADDADSURF MINGW64 ~/Documents/Development/create-react-app (remove-cssm-docs)
$ yarn why copy-paste
yarn why v1.3.2
[1/4] Why do we have the module "copy-paste"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
info This module exists because "workspace-aggregator-5c248a94-35ae-4f58-8b1e-45e710c97334#create-react-app#envinfo
" depends on it.
Done in 1.06s.

Our new --info flag.

@viankakrisna
Copy link
Contributor

https://github.com/xavi-/node-copy-paste/issues/61 will it affect CRA users?

@bondz
Copy link
Contributor

bondz commented Jan 18, 2018

snyk reports a vulnerability as a result of the module

snyk test create-react-app
✗ Medium severity vulnerability found on sync-exec@0.6.2
- desc: Insecure use of Tmp files
- info: https://snyk.io/vuln/npm:sync-exec:20160124
- from: create-react-app@1.5.0 > envinfo@3.10.0 > copy-paste@1.3.0 > sync-exec@0.6.2
Fix: None available. Consider removing this dependency.

Tested create-react-app for known vulnerabilities, found 1 vulnerability, 1 vulnerable path.

cc @tabrindle

@bondz
Copy link
Contributor

bondz commented Jan 18, 2018
edited
Loading

A possible solution is to pin the envinfo version to 3.4.2, the clipboard option that is the cause of this issue and the added vulnerability would be mitigated. We currently do not use the cliboard option anyways.

bondz added a commit to bondz/create-react-app that referenced this issue Jan 18, 2018
@bondz
pin envinfo version to 3.4.2
bca6dd1 
See facebook#3837
@bondz bondz mentioned this issue Jan 18, 2018
Merged
gaearon pushed a commit that referenced this issue Jan 18, 2018
@bondz @gaearon
pin envinfo version to 3.4.2 (#3853)
2bf0929 
See #3837
@tabrindle
Copy link
Contributor

If it's causing problems, it's an easy fix to remove the module upstream in envinfo.

@gaearon
Copy link
Contributor

gaearon commented Jan 18, 2018

For now I'll cut a patch to create-react-app with #3853 but happy to merge other solutions later.

gaearon pushed a commit that referenced this issue Jan 18, 2018
@bondz @gaearon
pin envinfo version to 3.4.2 (#3853)
2e59658 
See #3837
@gaearon
Copy link
Contributor

gaearon commented Jan 18, 2018

OK, 1.5.1 of the CLI is out and should pin the version. I'll keep this open so somebody can offer a better upstream solution (?)

tabrindle added a commit to tabrindle/envinfo that referenced this issue Jan 18, 2018
@tabrindle
fix: migrate from copy-paste to clipboardy
87f8496 
- copy-paste uses a module sync-exec for older versions of node which has a known vulnerability
- clipboardy also supports Android (Termux). Issue reported in CRA - facebook/create-react-app#3837
@tabrindle
Copy link
Contributor

tabrindle commented Jan 18, 2018
edited
Loading

Sorry about this guys.

Seems like there are two problems here - the vulnerability and the incompatibility with Termux - both are fixed by using a different module for envinfo's --clipboard option.

Doesn't look like node-copy-paste is very active, and sync-exec isn't getting fixed. Clipboardy has no known vulnerabilities, advertises compatibility with Termux, and works with node 4.

@brysgo I have pushed a new version of envinfo@3.11.0. Can you confirm that npx envinfo@3.11.0 --clipboard works, or at least does not break in the same place? I've never tested any of these things on Android 😂 Works on MacOS ¯_(ツ)_/¯

@gaearon As soon as we confirm this works, I'll make a PR to update the version of envinfo to 3.11.0.

@gaearon
Copy link
Contributor

gaearon commented Jan 18, 2018

No worries, thanks for jumping on it.

@brysgo
Copy link
Author

brysgo commented Jan 18, 2018
edited
Loading

@tabrindle - Here is the output of the above command, doesn't blow up:

image

@tabrindle tabrindle mentioned this issue Jan 18, 2018
Closed
@Timer
Copy link
Contributor

Timer commented Jan 22, 2018

Fix up in #3859

@Timer Timer closed this as completed Jan 22, 2018
akstuhl pushed a commit to akstuhl/create-react-app that referenced this issue Mar 15, 2018
@bondz @akstuhl
pin envinfo version to 3.4.2 (facebook#3853)
956a76e 
See facebook#3837
Pavek pushed a commit to Pavek/create-react-app that referenced this issue Jul 10, 2018
@bondz
pin envinfo version to 3.4.2 (facebook#3853)
f91da6d 
See facebook#3837
@lock lock bot locked and limited conversation to collaborators Jan 20, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
tag: underlying tools
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add android as platform (termux) brysgo-forks/node-copy-paste
6 participants
@brysgo @Timer @gaearon @tabrindle @bondz @viankakrisna