It might be great to disable this when NODE_ENV is production.

obviously we can use something like strip-loader to accomplish that, but I see invariant is already having separate behavior for prod-mod, and maybe just not throwing would be nice.

thoughts?

It'd be useful if the README referred to babel-plugin-dev-expression, or similar, as the way to actually strip out the messages passed to invariant when NODE_ENV=production.

As it is, the source simply states:

    * The invariant message will be stripped in production, but the invariant
    * will remain to ensure logic does not differ in production.

but doesn't explain how that actually happens.

The README doesn't clear it up either; it says how to install invariant, but that alone won't result in the intended benefit of this module, that is, fewer bytes in production builds.

Unless I'm missing something?

Hi,
https://github.com/zertosh/invariant/blob/master/invariant.js#L46

error.framesToPop = 1

Can the framesToPop be renamed to anything people want ?
Have some info/refer links about framesToPop, please mark.

ths.

Hello, I would like to ask how you came up with the idea of developing this library in the first place, and why the name is called invariant

Using invariant imported with the following two patterns fails opposite depending on how we run the build (either as unit-tests under jest, or as a react-native view on android).

import * as invariant from "invariant";

import invariant from "invariant";

Swapping the import from one to the other enables/disables using invariant in the opposite target.

Sorry to ask a naive question, but I really scratching my hair right now.

Can you enlighten me how The invariant message will be stripped in production?

I read this https://reactjs.org/blog/2016/07/11/introducing-reacts-error-code-system.html , and understand prior to react 15.2.0, react stripe the message at build time, and after react15.2.0, it rewrite invariant to some error code stead of total stripe the message but also at build time.

So how about this library? do i need to setup some extra build steps as well?

loads of thanks in advance.

Issue: We detected vulnerable dependencies in your project by using the command “npm audit”:

npm audit report

cryptiles <=4.1.1
Severity: high
Insufficient Entropy - https://npmjs.com/advisories/1464
Depends on vulnerable versions of boom
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/cryptiles
hawk 0.0.6 - 6.0.2
Depends on vulnerable versions of boom
Depends on vulnerable versions of cryptiles
Depends on vulnerable versions of hoek
Depends on vulnerable versions of sntp
node_modules/hawk
request 2.16.0 - 2.81.0
Depends on vulnerable versions of hawk
Depends on vulnerable versions of tunnel-agent
node_modules/request
coveralls <=2.13.3
Depends on vulnerable versions of js-yaml
Depends on vulnerable versions of minimist
Depends on vulnerable versions of request
node_modules/coveralls
tap 1.1.0 - 11.1.2 || 13.0.0-rc.0 - 13.0.0
Depends on vulnerable versions of coveralls
Depends on vulnerable versions of nyc
node_modules/tap

diff <3.5.0
Severity: high
Regular Expression Denial of Service - https://npmjs.com/advisories/1631
fix available via npm audit fix
node_modules/diff
tap-mocha-reporter 0.0.4 - 5.0.0
Depends on vulnerable versions of diff
node_modules/tap-mocha-reporter

hoek <=4.2.0 || 5.0.0 - 5.0.2
Severity: moderate
Prototype Pollution - https://npmjs.com/advisories/566
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/hoek
boom <=3.1.2
Depends on vulnerable versions of hoek
node_modules/boom
cryptiles <=4.1.1
Depends on vulnerable versions of boom
node_modules/cryptiles
hawk 0.0.6 - 6.0.2
Depends on vulnerable versions of boom
Depends on vulnerable versions of cryptiles
Depends on vulnerable versions of hoek
Depends on vulnerable versions of sntp
node_modules/hawk
request 2.16.0 - 2.81.0
Depends on vulnerable versions of hawk
Depends on vulnerable versions of tunnel-agent
node_modules/request
coveralls <=2.13.3
Depends on vulnerable versions of js-yaml
Depends on vulnerable versions of minimist
Depends on vulnerable versions of request
node_modules/coveralls
tap 1.1.0 - 11.1.2 || 13.0.0-rc.0 - 13.0.0
Depends on vulnerable versions of coveralls
Depends on vulnerable versions of nyc
node_modules/tap
sntp 0.0.0 || 0.1.1 - 2.0.0
Depends on vulnerable versions of hoek
node_modules/sntp

js-yaml <=3.13.0
Severity: high
Denial of Service - https://npmjs.com/advisories/788
Code Injection - https://npmjs.com/advisories/813
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/coveralls/node_modules/js-yaml
coveralls <=2.13.3
Depends on vulnerable versions of js-yaml
Depends on vulnerable versions of minimist
Depends on vulnerable versions of request
node_modules/coveralls
tap 1.1.0 - 11.1.2 || 13.0.0-rc.0 - 13.0.0
Depends on vulnerable versions of coveralls
Depends on vulnerable versions of nyc
node_modules/tap

lodash <=4.17.20
Severity: high
Prototype Pollution - https://npmjs.com/advisories/1065
Prototype Pollution - https://npmjs.com/advisories/1523
Command Injection - https://npmjs.com/advisories/1673
Prototype Pollution - https://npmjs.com/advisories/577
Prototype Pollution - https://npmjs.com/advisories/782
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/lodash
nyc <=5.0.1 || 6.2.0-alpha - 6.6.1
Depends on vulnerable versions of istanbul
Depends on vulnerable versions of lodash
node_modules/nyc
tap 1.1.0 - 11.1.2 || 13.0.0-rc.0 - 13.0.0
Depends on vulnerable versions of coveralls
Depends on vulnerable versions of nyc
node_modules/tap

minimatch <=3.0.1
Severity: high
Regular Expression Denial of Service - https://npmjs.com/advisories/118
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/minimatch
fileset 0.1.0 - 0.2.1
Depends on vulnerable versions of minimatch
node_modules/fileset
istanbul <=0.4.4
Depends on vulnerable versions of fileset
node_modules/istanbul
nyc <=5.0.1 || 6.2.0-alpha - 6.6.1
Depends on vulnerable versions of istanbul
Depends on vulnerable versions of lodash
node_modules/nyc
tap 1.1.0 - 11.1.2 || 13.0.0-rc.0 - 13.0.0
Depends on vulnerable versions of coveralls
Depends on vulnerable versions of nyc
node_modules/tap
glob 3.0.0 - 5.0.14
Depends on vulnerable versions of minimatch
node_modules/glob
browserify 2.3.0 - 11.2.0
Depends on vulnerable versions of glob
Depends on vulnerable versions of shell-quote
node_modules/browserify

minimist <0.2.1 || >=1.0.0 <1.2.3
Prototype Pollution - https://npmjs.com/advisories/1179
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/coveralls/node_modules/minimist
coveralls <=2.13.3
Depends on vulnerable versions of js-yaml
Depends on vulnerable versions of minimist
Depends on vulnerable versions of request
node_modules/coveralls
tap 1.1.0 - 11.1.2 || 13.0.0-rc.0 - 13.0.0
Depends on vulnerable versions of coveralls
Depends on vulnerable versions of nyc
node_modules/tap

shell-quote <=1.6.0
Severity: critical
Potential Command Injection - https://npmjs.com/advisories/117
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/shell-quote
browserify 2.3.0 - 11.2.0
Depends on vulnerable versions of glob
Depends on vulnerable versions of shell-quote
node_modules/browserify

tunnel-agent <0.6.0
Severity: moderate
Memory Exposure - https://npmjs.com/advisories/598
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/tunnel-agent
request 2.16.0 - 2.81.0
Depends on vulnerable versions of hawk
Depends on vulnerable versions of tunnel-agent
node_modules/request
coveralls <=2.13.3
Depends on vulnerable versions of js-yaml
Depends on vulnerable versions of minimist
Depends on vulnerable versions of request
node_modules/coveralls
tap 1.1.0 - 11.1.2 || 13.0.0-rc.0 - 13.0.0
Depends on vulnerable versions of coveralls
Depends on vulnerable versions of nyc
node_modules/tap

21 vulnerabilities (1 low, 6 moderate, 12 high, 2 critical)

To address issues that do not require attention, run:
npm audit fix

To address all issues (including breaking changes), run:
npm audit fix --force

Questions: We are conducting a research study on vulnerable dependencies in open-source JS projects. We are curious:

1. Will you fix the vulnerabilities mentioned above? (Yes/No), and why?:
2. Do you have any additional comments? (If so, please write it down):

For any publication or research report based on this study, we will share all responses from developers in an anonymous way. Both your projects and personal information will be kept confidential.

Description: Many popular NPM packages have been found vulnerable and may carry significant risks [1]. Developers are recommended to monitor and avoid the vulnerable versions of the library. The vulnerabilities have been identified and reported by other developers, and their descriptions are available in the npm registry [2].

Steps to reproduce:

• Go to the root folder of the project where the package.json file located
• Execute “npm audit”
• Look at the list of vulnerabilities reported

Suggested Solution: Npm has introduced the “npm audit fix” command to fix the vulnerabilities. Execute the command to apply remediation to the dependency tree.

References:
2019. 10 npm Security Best Practices. https://snyk.io/blog/ten-npm-security-best-practices/.
2021. npm-audit. https://docs.npmjs.com/cli/v7/commands/npm-audit.

Es modules are supported in 86% of browsers,
and this library is used by major web libraries|frameworks.

I have stumbled open this issue while working on experiment in https://next.plnkr.co/edit/8lukaUKTSzv6HOn5

I had to patch invariant with https://next.plnkr.co/edit/8lukaUKTSzv6HOn5?preview=invariant.js

to use export default instead of module.exports at the end.

I suppose a file with called es.js can be created with es export
and package.json can have "module": "./es.js" field.

If I using typescript. why I am should be use this library?
This question come from an example in React-Native code that use typescript and this library too.

invariant is using a defined number of arguments (a,b,c,d,e,f)
imo it should be

invariant(cond, message, ...args) {
	const parsed = message.replace('%s', () => args.shift() || '')
}

The flow type definition says that the format argument is optional, but it's not. At least in dev mode, when format is missing invariant throws an error.

invariant only provides a CommonJS interface (exports = function()). Unfortunately, this will fail if it is used in an ES Module environment (for instance, in jsxstyle).

I don't know enough about how you mirror/bundle this package to provide a PR. A hacky (but probably functional) solution could be to create a default property on invariant and set it to the function:

function invariant() {}
module.exports = invariant;
invariant.default = invariant;

That would allow invariant to be used as an ES Module:

import invariant from 'invariant';

However, a proper ES Module would allow tools like webpack to better optimize bundle size.

I get this Error:
Invariant Violation: Module is not a registered callable module (calling onShouldStartLoadWithRequest)

We have many cases where specifying a message is redundant. It would be great if the message was optional and defaulted to something simple like "Invariant Violation".

I could build "invariant" package successfully from master , however 1 test case is failing with error :

$ npm install
$ npm test
`> [email protected] test /root/invariant
> NODE_ENV=production tap test/*.js && NODE_ENV=development tap test/*.js

test/test.js ........................................ 11/12
  flow
  not ok TypeError: "file" argument must be a non-empty string
    at:
      file: child_process.js
      line: 381
      column: 11
      function: normalizeSpawnArguments
    test: flow
    message: 'TypeError: "file" argument must be a non-empty string'
    stack: |
      normalizeSpawnArguments (child_process.js:381:11)
      exports.spawn (child_process.js:494:38)
      exports.execFile (child_process.js:210:15)
      test/test.js:35:3
      Test.test (node_modules/tap/lib/test.js:411:27)
      Test._processQueue (node_modules/tap/lib/test.js:794:13)
      Test.<anonymous> (node_modules/tap/lib/test.js:401:10)

total ............................................... 11/12


  11 passing (425.672ms)
  1 failing

npm ERR! Test failed.  See above for more details.
`

$ npm --version
5.6.0
$ node --version
v9.9.0

Currently I'm looking into this error , please let me know if this is a know issue.Thanks!

I started using this module but noticed that if an object has the default toString method and I pass it in a %s specifier, it gets printed using the default object toString method, which gives the unhelpful string "[object Object]". I would prefer that the printing used util.inspect or something. How do users of invariant typically deal with this issue?

This is now installed at FB in www and the @providesModule header fucks up jest. Can you please remove the header and update the implementation to match the one in fbjs?

Hi, we'd like to use this in our project, but we need to be able to cite a Patents file.

Any chance you could add a file explicitly stating it?

Thanks!

Would it be possible to update the repo to include the new MIT license as seen in the fbjs repo?

A value of 0 will throw an error, it should not

Hi, we'd like to use this in our project, but we need to be able to cite a license file. I noticed in the package.json that the license is BSD-3-Clause. Any chance you could add a file explicitly stating it?

thanks!

This is more a question than an issue, sorry if there was a better place to ask this.

I noticed the code that accesses process.env.NODE_ENV. Isn't it possible that process itself could be undefined, leading to an error in strict mode?

I am bit confused what it actually means, check out travis log ... https://travis-ci.org/BlackDice/b3-chief/jobs/176028827