Dependency Confusion



code frameworks

To install A you need B which depends on C which can only be installed by D which...

Looking at installing a new "theme" for a blog. It's using Tailwindcss, so heading over there to look at how to install it. This is my "log" over how it went.

It apparently needs Node and Npm. I have, at some point, installed both, so I try to find which version of Node I have and which I would need, by simply updating it. Turns out Node now needs user accounts even to use the free tier as it has gone commercial, so to be able to work out if I'm a paying user or not they need to know who I am, at all, first. I decide to wait a bit with registering. I most definitely do not wish to pay a monthly subscription for it, I just wish to check out a blog theme.

I'm being reminded that to update Node I need Nvm. Trying to work out what version of Nvm I have and which I would need, by simply updating it. Turns out the command isn't registered on my command line. Did I perhaps install it via Homebrew, "back in the day"? I can't remember. I do remember being as confused at the time as I am starting to feel right now.

Checking to see what version of Homebrew I have, and which one I would need, by updating it. It, surprisingly, goes well. I again try to update Nvm. It says it has updated but also that it is most definitely not registered as a command. It also has a note saying the way I installed it, via Homebrew, isn't guaranteed to work, and thus not supported, though "it should probably" work. Basically it means "if you get errors, which you shouldn't, we think, don't come to us for support".

Getting instructions on suggested configuration lines that I should add to to Zsh, which is what I use on my command line. I log out, log in again to ensure it reloads the amended config. It complains that the config file contains folder paths that are incorrect. Nvm is now accessible as a command though. Probably need to fix those paths though. Checking the paths, they do in fact exist. Permissions? Checking. Weirdly it all looks correct.

Logging out again.

Searching the Internets to verify how to best update macOS to latest Node. Hundreds of search results. I'm apparently not the only one confused here.

Turns out I can do it via Nvm, Npm and Homebrew, which is kind of what I knew, though if and how they are interconnected has always been a mystery to me (I'm clearly not "a javascript dude"). Right now it feels like I have installed and updated all three of Nvm, Npm and Homebrew once from each of the others. Probably "over-updating" something somewhere.

Logging in again.

It seems to work anyways, but I can't update Node that way. Get a message that I didn't install Node via Homebrew. Looking at what version Npm is. Decides to update that. It goes well.

Manage to update Npm to the absolutely latest version.
Manage to update Nvm to the absolutely latest version.
Manage to update Node to the latest(?) has jumped from 3 to 6, from 6 to 7 and now reports it is 15.8. Quite a difference. Don't know if that is the correct/right version still though.

Now I've reached a point where Npm, Nvm, Homebrew and Node at least function as commands on my Mac. Now, where was I? What was I trying to do? Ah, right, "checking-theme-which-led-to-Tailwindcss".

From the Tailwindcss documentation I work out that I need Node 12.13+ so I should now be sufficiently "up-noded". Oh, right, it also instructs me to "install it to a project" bla bla. So I should probably think this through some more, I don't want to install it where I am (my user home folder) as it will create project specific things there, and I haven't even downloaded the theme that set me off on this long and winding road in the first place.

Also the Tailwindcss documentation tells me I will be needing to install something called "PostCSS" as well as an "autoprefixer". It wouldn't surprise me in the slightest if they have their own very specific dependency/package management/handling solution too, which quite likely will have their own dependencies.

This will have to wait though, now it is time for lunch. I shall ponder over, and silently remember the days when there was HTML, CSS and JavaScript. I'm too old for this shit I guess. is your Friday?

Previous Post Next Post

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License except where otherwise noted. Also, see About page for more info.