Tags: lightfeed/extractor
Tags
Remove xpath dependency and add jsdom overrides for cssstyle version … ( #70) …in package.json ``` ERROR error extracting main html Error [ERR_REQUIRE_ESM]: require() of ES Module /var/task/node_modules/@csstools/css-calc/dist/index.mjs from /var/task/node_modules/@asamuzakjp/css-color/dist/cjs/index.cjs not supported. Instead change the require of /var/task/node_modules/@csstools/css-calc/dist/index.mjs to a dynamic import() which is available in all CommonJS modules. at Object.<anonymous> (/var/task/node_modules/@asamuzakjp/css-color/dist/cjs/index.cjs:30:24) { code: 'ERR_REQUIRE_ESM' } ``` jsdom 24 specifies cssstyle: "^4.0.1", and npm resolved it to 4.6.0 which pulls in the ESM chain. The ^ semver range let the bad version slip in. This happens both locally and in prod. The fix is to add an npm override to pin cssstyle to ~4.1.0 (the last version before @asamuzakjp/css-color was added in 4.2.0):
Replace xmldom with jsdom (#68) Replace xmldom which has critical vulnerability. ` xmldom * Severity: critical xmldom allows multiple root nodes in a DOM - GHSA-crh6-fp67-6883 Misinterpretation of malicious XML input - GHSA-5fg8-2547-mr8q xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion - GHSA-wh4c-j3r5-mjhp ` The jsdom 24.x pin is because jsdom 25+ pulls in ESM-only transitive dependencies (@csstools/*, parse5 v8) that break Jest's CommonJS module resolution. When the project eventually moves to an ESM-native test runner or Jest adds better ESM support, you can upgrade to jsdom 27.x.
PreviousNext