Dockery/Trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2026-05-06 16:45:53 +02:00
Code Issues Packages Projects Releases Activity

feat(script): mark cheerio as deprecated and provide alternative

Browse Source
This commit is contained in:
Elian Doran
2026-04-10 10:22:15 +03:00
parent fe710823c1
commit d009582252
7 changed files with 84 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
docs/User Guide/!!!meta.json vendored
View File

@@ -17831,6 +17831,34 @@
"dataFileName": "v0.103.0 Removal of axios.md",
"attachments": []
},
{
"isClone": false,
"noteId": "pAJ0jWz16xFm",
"notePath": [
"pOsGYCXsbNQG",
"CdNpE2pqjmI6",
"cNpC0ITcfX0N",
"pAJ0jWz16xFm"
],
"title": "v0.103.0: `cheerio` is now deprecated",
"notePosition": 20,
"prefix": null,
"isExpanded": false,
"type": "text",
"mime": "text/html",
"attributes": [
{
"type": "label",
"name": "shareAlias",
"value": "cheerio-deprecated",
"isInheritable": false,
"position": 30
}
],
"format": "markdown",
"dataFileName": "v0.103.0 `cheerio` is now depr.md",
"attachments": []
},
{
"isClone": false,
"noteId": "72dxvnbnkDFY",
@@ -17841,7 +17869,7 @@
"72dxvnbnkDFY"
],
"title": "v0.102.0: Upgrade to jQuery 4.0.0",
"notePosition": 20,
"notePosition": 30,
"prefix": null,
"isExpanded": false,
"type": "text",

6
docs/User Guide/User Guide/Scripting/Breaking changes/v0.103.0 Removal of axios.md vendored
View File

@@ -1,10 +1,12 @@
# v0.103.0: Removal of axios
The `api.axios` library has been removed from the backend scripting API.
Axios was marked as deprecated at least since April 2024 in favor of the native `fetch()` API, which is available in both browser and Node.js environments. After two years of deprecation, the library was removed following the [March 2026 npm supply chain compromise](https://www.malwarebytes.com/blog/news/2026/03/axios-supply-chain-attack-chops-away-at-npm-trust), where attackers published malicious versions that deployed a remote access trojan. The Trilium's main developer almost got compromised, but `pnpm` not trusting unknown post-install scripts successfully avoided that.
Scripts that attempt to use `api.axios` will now throw an error with migration instructions.
## Reasoning
Axios was marked as deprecated at least since April 2024 in favor of the native `fetch()` API, which is available in both browser and Node.js environments. After two years of deprecation, the library was removed following the [March 2026 npm supply chain compromise](https://www.malwarebytes.com/blog/news/2026/03/axios-supply-chain-attack-chops-away-at-npm-trust), where attackers published malicious versions that deployed a remote access trojan. The Trilium's main developer almost got compromised, but `pnpm` not trusting unknown post-install scripts successfully avoided that.
## Migration
Replace `api.axios` calls with the native `fetch()` API.

24
docs/User Guide/User Guide/Scripting/Breaking changes/v0.103.0 `cheerio` is now depr.md vendored Normal file
View File

@@ -0,0 +1,24 @@
# v0.103.0: `cheerio` is now deprecated
The `api.cheerio` library is deprecated and will be removed in a future version.
## Reasoning
Cheerio is only used for the scripting API while the server internally uses `node-html-parser` for HTML parsing. Removing `cheerio` reduces bundle size and maintenance overhead.
## Migration
Before (`cheerio`):
```javascript
const $ = api.cheerio.load(html);
const title = $('h1').text();
const links = $('a').map((i, el) => $(el).attr('href')).get();
```
After (`htmlParser`):
```javascript
const root = api.htmlParser.parse(html);
const title = root.querySelector('h1')?.textContent;
const links = root.querySelectorAll('a').map(a => a.getAttribute('href'));
```