■Node.js基本編 Express+SQLiteで超定番のTo
Doメモアプリを作る
kokaki@skynew:~$ mkdir www/express
kokaki@skynew:~$ cd www/express
kokaki@skynew:~/www/express$ sudo apt install -y npm
kokaki@skynew:~/www/express$ sudo npm install -g express-generator
npm WARN deprecated mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported.
Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
added 10 packages, and audited 11 packages in 2s
4 vulnerabilities (1 moderate, 1 high, 2 critical)
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
kokaki@skynew:~/www/express$ express -e todo-app
warning: option `--ejs' has been renamed to `--view=ejs'
create : todo-app/
create : todo-app/public/
create : todo-app/public/javascripts/
create : todo-app/public/images/
create : todo-app/public/stylesheets/
create : todo-app/public/stylesheets/style.css
create : todo-app/routes/
create : todo-app/routes/index.js
create : todo-app/routes/users.js
create : todo-app/views/
create : todo-app/views/error.ejs
create : todo-app/views/index.ejs
create : todo-app/app.js
create : todo-app/package.json
create : todo-app/bin/
create : todo-app/bin/www
change directory:
$ cd todo-app
install dependencies:
$ npm install
run the app:
$ DEBUG=todo-app:* npm start
kokaki@skynew:~/www/express$ cd todo-app/
kokaki@skynew:~/www/express/todo-app$ npm install
added 54 packages, and audited 55 packages in 4s
4 vulnerabilities (3 high, 1 critical)
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
kokaki@skynew:~/www/express/todo-app$ npm install sqlite3
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'node-addon-api@7.1.0',
npm WARN EBADENGINE required: { node: '^16 || ^18 || >= 20' },
npm WARN EBADENGINE current: { node: 'v12.22.9', npm: '8.5.1' }
npm WARN EBADENGINE }
npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
added 125 packages, and audited 180 packages in 9s
12 packages are looking for funding
run `npm fund` for details
4 vulnerabilities (3 high, 1 critical)
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
kokaki@skynew:~/www/express/todo-app$ DEBUG=todo-app:* npm start
> todo-app@0.0.0 start
> node ./bin/www
todo-app:server Listening on port 3000 +0ms
kokaki@skynew:~/www/express/todo-app$ npm fund
todo-app@0.0.0
├── https://github.com/sponsors/ljharb
│ └── minimist@1.2.8
├─┬ https://github.com/sponsors/feross
│ │ └── simple-get@4.0.1, simple-concat@1.0.1, buffer@5.7.1, base64-js@1.5.1, ieee754@1.2.1, safe-buffer@5.2.1
│ └── https://github.com/sponsors/sindresorhus
│ └── decompress-response@6.0.0, mimic-response@3.1.0, p-map@4.0.0
└── https://github.com/sponsors/isaacs
└── glob@7.2.3, rimraf@3.0.2
kokaki@skynew:~/www/express/todo-app$ npm audit
# npm audit report
ejs <3.1.7 Severity: critical ejs template injection vulnerability -
https://github.com/advisories/GHSA-phwq-j96m-2c2q fix available via `npm audit fix --force` Will install
ejs@3.1.9, which is a breaking change node_modules/ejs qs 6.5.0 - 6.5.2 Severity: high qs vulnerable to
Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp fix available via `npm audit fix
--force` Will install express@4.18.2, which is outside the stated dependency range node_modules/qs body-parser
1.18.0 - 1.18.3 Depends on vulnerable versions of qs node_modules/body-parser express 4.15.4 - 4.16.4 ||
5.0.0-alpha.1 - 5.0.0-alpha.7 Depends on vulnerable versions of body-parser Depends on vulnerable versions of
qs node_modules/express 4 vulnerabilities (3 high, 1 critical) To address all issues (including breaking
changes), run: npm audit fix --force
kokaki@skynew:~/www/express/todo-app$ npm audit fix --force
npm WARN
using --force Recommended protections disabled. npm WARN audit Updating ejs to 3.1.9,which is a SemVer major
change. npm WARN audit Updating express to 4.18.2,which is outside your stated dependency range. added 53
packages, changed 14 packages, and audited 233 packages in 5s 24 packages are looking for funding run `npm
fund` for details found 0 vulnerabilities
kokaki@skynew:~/www/express/todo-app$ sqlite3 memo_data.sqlite3
SQLite version 3.37.2 2022-01-06 13:25:41 Enter ".help" for usage hints.
sqlite> CREATE TABLE "memos" (
"id" INTEGER NOT NULL UNIQUE,
"text" TEXT NOT NULL,
PRIMARY KEY("id" AUTOINCREMENT)
);
sqlite> .q
kokaki@skynew:~/www/express/todo-app$ mkdir views/memo
kokaki@skynew:~/www/express/todo-app$ touch views/memo/index.ejs
kokaki@skynew:~/www/express/todo-app$ touch views/memo/add.ejs
kokaki@skynew:~/www/express/todo-app$ touch views/memo/edit.ejs
kokaki@skynew:~/www/express/todo-app$ touch views/memo/delete.ejs
kokaki@skynew:~/www/express/todo-app$ touch routes/memo.js
kokaki@skynew:~/www/express/todo-app$ vi app.js
var memoRouter = require('./routes/memo');
app.use('/memo', memoRouter);
kokaki@skynew:~/www/express/todo-app$ npm start
> todo-app@0.0.0 start
> node ./bin/www
http://localhost:3000/memo