Questions regarding development environment, dependencies, and potential package updates.

[BrettFraley]

In looking at potential good issues to debug and fix as a contributor to Glance, I noticed there's many deprecated dependencies when running npm install, and I'm unable to successfully run npm run dev for development.

Using NVM, I switched to Node 16 and then 14. I also, attempted to debug and upgrade a few of the packages.

I will post all the deprecation and security vulnerability warnings here if needed, but I will keep it simple with a few questions to the maintainers.

• Which version of Node/NPM is recommended at this time to install, build, and run Glance locally for development?

• Are there plans to update dependencies? If so, could this be an issue with breaking changes for other tools that use Glance?

• Are there plans to upgrade to be compatible with Vue 3? I know Vue 2 is no longer supported but upgrading is a process that should be done with caution in order to not introduce bugs or break existing functionality or features.

• Perhaps, most important are the vulnerabilites listed when running npm install:
  86 vulnerabilities (2 low, 58 moderate, 18 high, 8 critical)

Thanks for any feedback. I'd be happy to look further into these issues or steps toward updating packages and migrating to Vue3 if there are any plans to do so.

[floryst]

Thanks for your interest! I've provided some responses below.

• ideally we'd want to use the latest versions of node/npm. The only hard constraint would be the packages used for this project, so it's related to updating the packages.
• Certain dependencies cannot have their major versions updated without code changes. In particular, vtk.js cannot be updated yet. Most others can be, but I haven't done a blanket upgrade to see what breaks. (e.g. webpack 4 to 5)
• vue3 would be nice. We'd have to stick with the options API for now, since rewriting to the composition API is a lot of work at the moment. Relevant: https://v3-migration.vuejs.org/breaking-changes/
• Some of those vulns might be via kw-doc. Ideally we'd migrate to readthedocs or another doc generation tool. Vulns related to kw-doc should be mostly minor, but addressing them is ideal.

A good first step would be to try to update some of the dependencies. A more focused task that might be fairly isolated would be to upgrade to vue3 and see how much work is necessary to address any breaking changes.

Other nice-to-haves:

• migrate to vite for nicer developer tooling
• upgrade to vuetify 3 (major underaking)