GSAP installation via modules, ZIP download

[SteinarvDesign 2 Likes (Newbie)]

Workflow in Visual Studio Code, Windows 10:

1) First I created a fresh React project with: npx create-react-app my-project

2) Then I downloaded the 'GSAP 3 with Shockingly Green bonus files' ZIP file, version 3.8.0

3) and added the gsap-bonus.tgz in the root directory of my project

4) When I installed the file with : my-project > npm install ./gsap-bonus.tgz,
    I received the message: added 1 package, and audited 1946 packages in 10s,
    58 vulnerabilities (16 moderate, 40 high, 2 critical)

5) After installation: my package.json file looks the same as in the 'module install' video.

 

How can there be that many vulnerabilities in an 'up-to-date' GSAP installation, and do I need to fix this ?

[GreenSock 16,304 Likes (Superhero)]

First of all, thanks for being a Club GreenSock member!  🙌

 

I'm pretty sure those vulnerabilities have absolutely nothing to do with GSAP. The messages says "audited 1946 packages" and GSAP has absolutely zero dependencies, so it sounds like you've got a bunch of other packages installed in your project, some of which have vulnerabilities. We're not aware of any vulnerabilities in GSAP. 🤷‍♂️

[OSUblake 18,334 Likes (Superhero)]

7 hours ago, SteinarvDesign said:

How can there be that many vulnerabilities in an 'up-to-date' GSAP installation, and do I need to fix this ?

 

You installed Create React App. 😉

 

Try installing it without React. GSAP has no dependencies. 

 

[OSUblake 18,334 Likes (Superhero)]

7 hours ago, SteinarvDesign said:

How can there be that many vulnerabilities in an 'up-to-date' GSAP installation, and do I need to fix this ?

 

Like I mentioned above, GSAP has no dependencies, so those warnings are all for the React stuff. You can try to fix them, but it's unlikely you'll be able to get them all as create react app has a ton of dependencies.

 

If you don't mind me asking, why did you choose React? We want to improve GSAP integration with React, so we're looking for feedback on how to improve that.

 

[SteinarvDesign 2 Likes (Newbie)]

I have been learning/practicing React w. hooks in 2021 and want to stay focused on React as much as possible.

GSAP with html, css, js, CDN files and a 'scripts' folder for the bonus plugins is the best solution so far.

 

A project with Webpack or Parcel is more problematic because of all the dependencies that the bundlers have. 
Creating a .npmrc file within my project folder and installing via: 'npm install gsap@npm:@gsap/shockingly' is a good solution, but
this solution comes with several security vulnerabilities not related to GSAP.

 

[OSUblake 18,334 Likes (Superhero)]

You can try to fix those fix with with npm audit, and learn more about what the issue is and if it's even worth worrying about.

https://docs.npmjs.com/cli/v7/commands/npm-audit

 

I don't put a lot of thought into those warning because it's nearly impossible to get rid of them. Especially if I'm just running stuff locally.