Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warning from vite about using eval #221

Open
crystalfp opened this issue Oct 27, 2023 · 6 comments
Open

Warning from vite about using eval #221

crystalfp opened this issue Oct 27, 2023 · 6 comments

Comments

@crystalfp
Copy link

Bottleneck has served me well in a standalone typescript application (not involving Redis).
Now I moved this code inside an Electron application built using vite and the following warnings appear during build for development and production:

node_modules/bottleneck/lib/RedisConnection.js (18:21) Use of eval in "node_modules/bottleneck/lib/RedisConnection.js" is strongly discouraged as it poses security risks and may cause issues with minification.
node_modules/bottleneck/lib/IORedisConnection.js (26:21) Use of eval in "node_modules/bottleneck/lib/IORedisConnection.js" is strongly discouraged as it poses security risks and may cause issues with minification.

I don't use Redis.
Is it possible to load these modules only if Redis is used?
Well, seems everything works in spite of these warning, but they are annoying.
Thanks.
mario
@toddb
Copy link

toddb commented Jul 25, 2024

You can suppress the specific warning in the console for vite via the rollup options

import { defineConfig } from 'vite';

export default defineConfig({
  build: {
    rollupOptions: {
      onwarn(warning, warn) {
        // Suppress "Use of eval in" warnings
        if (warning.code === 'EVAL') {
          /*
           * Bottleneck has two instances of eval
           * node_modules/bottleneck/lib/RedisConnection.js (18:21) Use of eval in "node_modules/bottleneck/lib/RedisConnection.js" is strongly discouraged as it poses security risks and may cause issues with minification.
           * node_modules/bottleneck/lib/IORedisConnection.js (26:21) Use of eval in "node_modules/bottleneck/lib/IORedisConnection.js" is strongly discouraged as it poses security risks and may cause issues with minification.
           */
          if (warning.id?.includes('RedisConnection.js')) {
              return;
          }
        }
        // Use default for everything else
        warn(warning);
      },
    },
  },
})

@crystalfp
Copy link
Author

Thanks a lot @toddb !
Unfortunately the warning is still here running npx vite build.
After putting your code inside vite.config.mts and even adding a onLog function, seems these functions are never called (having added a good, old console.log...).
Instead, the other rollup options like output: {manualChunks: work.
Anyway, thanks for your help!
mario

@crystalfp
Copy link
Author

Maybe the problem is vitejs/vite#13624
So seems there is no solution for now.

@toddb
Copy link

toddb commented Jul 27, 2024
edited
Loading

Strange because it did work for me as expected using onwarn and I played around with understanding the object codes, etc.

Couple of notes:

  • I'm using yarn
  • onLog is still open as a ticket, so wouldn't expect it to work

Good luck!

@tim784
Copy link

tim784 commented Aug 5, 2024

You can suppress the specific warning in the console for vite via the rollup options

This solution did work for me. Thanks!

@onekiloparsec
Copy link

Personally, not happy with tweaking the config, and given the lib seems not maintained anymore, I switched to https://github.com/sindresorhus/p-throttle. Works well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@toddb @onekiloparsec @crystalfp @tim784