No matching version found for ecstatic@^3.0.0

[Alysha-94]

While running my docker build I ran into this issue

Step 21/23 : RUN  npm install http-server -g
 ---> Running in 5bdcf5823d15
npm ERR! code ETARGET
npm ERR! notarget No matching version found for ecstatic@^3.0.0
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.
npm ERR! notarget
npm ERR! notarget It was specified as a dependency of 'http-server'
npm ERR! notarget

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2019-05-03T00_37_27_084Z-debug.log
The command '/bin/sh -c npm install http-server -g' returned a non-zero code: 1

It seems that they have removed previous versions (for security reasons) so only the latest version of ecstatic is available

$ npm view ecstatic versions --json
[
  "4.1.2"
]

This happened quite recently, I found my information from this stack overflow question. Which has the answer

They've had a security issue with versions prior to 4 and have removed download links for them. You can find more details here: jfhbrook/node-ecstatic#255 .
You'll either need a cached version from before or move to a newer version.

[shuttle1987]

It looks like we will need to update our dependencies.

[Alysha-94]

They have republished the versions again https://www.npmjs.com/package/ecstatic
I'm unsure if we would still need to update our dependencies?

[shuttle1987]

Well if it's easy to update our dependencies without breaking anything I suggest that we do that, otherwise we can just keep going with some of the older dependencies for now. I'd prefer updating the dependencies if it's easy enough to do so.

[Alysha-94]

The maintainer of ecstatic has decided to deprecate it, and wrote up an informative reason as to why here: jfhbrook/node-ecstatic#259 which is worth a read

They have given some suggestions from there, we might have to find an alternative to using http-server

Here are some suggested migration paths to mitigate this:

• For production use, it's recommended that you use nginx or a cloud service like S3 to host static files.
• For development use, python includes a simple HTTP server. For example, python3 -m http.server works well with Python 3 and if you're still using Python 2 lord help you, python2 -m SimpleHTTPServer is the same idea.
• For use with http-server, I'm confident that those guys will figure it out.
• The ecstatic codebase is MIT licensed and continues to be hosted on GitHub, so forking or vendoring the necessary code is a viable strategy.
• Someone threatened to use lwsjs/local-web-server when http-server was breaking. I don't know much about it but I'm sure it's fine.

[shuttle1987]

That post explained a lot, thanks for linking to it. Seeing as this isn't a deployment dependency for the project we could drop it fairly easily, but we never actually directly installed this if I recall directly. It's a bit bothersome if this is a transitive dependency because I'm not entirely sure how the best way to deal with this situation is in the node world.