glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - npm

This Stack Overflow answer didn't work for me (how to solve this npm glob-parent problem).
Now glob-parent needs to be upgraded to version 6.0.1 or higher.
When I do npm ls glob-parent, this is what it looks like.
Some of the glob-parent copies need to be 6.0.1 or higher, but npm install glob-parent@6.0.1 won't upgrade all of them.
How can I upgrade glob-parent? Or how can I address the "glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex" issue?
Attempts
I tried
npm audit fix --force
npm install glob-parent
npm install glob-parent@6.0.1

Related

npm find-babel-config depends on a vulnerable version of JSON5

The package manager npm gives a high severity vulnerability which I don't know how to fix. The advised forced fix wants to install a very old version of expo. Node is up to date (v18.14.1). There seems to be an outdated version reference in 'find-babel-config' to JSON5.
Does anyone have an idea how to fix this dependency? I tried reinstalling and updating npm, including manually deleting node_modules and package-lock.json, cleaning npm cache and updating expo.
npm audit
# npm audit report
json5 <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix --force`
Will install expo@1.0.0, which is a breaking change
node_modules/babel-preset-expo/node_modules/json5
find-babel-config <=1.2.0
Depends on vulnerable versions of json5
node_modules/babel-preset-expo/node_modules/find-babel-config
babel-plugin-module-resolver 2.3.0 - 4.1.0
Depends on vulnerable versions of find-babel-config
node_modules/babel-preset-expo/node_modules/babel-plugin-module-resolver
babel-preset-expo *
Depends on vulnerable versions of babel-plugin-module-resolver
node_modules/babel-preset-expo
expo >=14.0.0
Depends on vulnerable versions of babel-preset-expo
node_modules/expo
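Both questions above (glob-parent pulled in below 5.1.2, and json5 pulled in below 1.0.2 through find-babel-config) have the same shape: the vulnerable version is not a direct dependency but sits nested under something else, so npm install <pkg>@<fixed> only changes the top-level copy. The script below is an added example, not code from either post, from npm or from any project mentioned here. It walks the "packages" map of an npm 7+ package-lock.json to list every installed copy of a package below a fixed version together with the chain that requires it (what npm ls <pkg> shows, plus the version check), and prints the overrides block for package.json that forces one range everywhere. The lockfile fragment is constructed: the package names are real, but the versions and nesting are invented.

```javascript
"use strict";

// Constructed lockfile fragment: the "packages" map of an npm 7+
// package-lock.json.  Keys are install paths ("" is the project itself),
// values carry the installed version and declared dependency ranges.  Package
// names are real; the versions and nesting are invented for the example.
const SAMPLE_LOCK = {
  "": { name: "my-app", version: "1.0.0",
        dependencies: { chokidar: "^3.5.0", gulp: "^4.0.2" } },
  "node_modules/chokidar": { version: "3.5.3", dependencies: { "glob-parent": "~5.1.2" } },
  "node_modules/glob-parent": { version: "5.1.2" },
  "node_modules/gulp": { version: "4.0.2",
        dependencies: { "glob-watcher": "^5.0.3", "vinyl-fs": "^3.0.0" } },
  "node_modules/glob-watcher": { version: "5.0.5", dependencies: { chokidar: "^2.0.0" } },
  "node_modules/glob-watcher/node_modules/chokidar": { version: "2.1.8",
        dependencies: { "glob-parent": "^3.1.0" } },
  "node_modules/glob-watcher/node_modules/glob-parent": { version: "3.1.0" },
  "node_modules/vinyl-fs": { version: "3.0.3", dependencies: { "glob-stream": "^6.1.0" } },
  "node_modules/glob-stream": { version: "6.1.0", dependencies: { "glob-parent": "^3.1.0" } },
  "node_modules/glob-stream/node_modules/glob-parent": { version: "3.1.0" },
};

// Compare two "major.minor.patch" versions numerically; returns <0, 0 or >0.
// A pre-release suffix is ignored, which is enough for an "is it below the
// fixed version" check.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// Node-style resolution inside the lockfile: try <from>/node_modules/<dep>,
// then climb one node_modules level at a time until the project root.
function resolveDependency(lock, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = base === "" ? `node_modules/${depName}` : `${base}/node_modules/${depName}`;
    if (candidate in lock) return candidate;
    if (base === "") return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Package name from an install path ("node_modules/@scope/name" -> "@scope/name").
function nameFromPath(lock, path) {
  if (path === "") return lock[path].name;
  return path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
}

// Depth-first walk from the project root.  Every reachable copy of pkgName
// whose version is below fixedVersion is reported with its install path and
// the chain of name@version entries that leads to it.  Packages already on the
// current chain are not re-entered, so circular dependencies terminate.
function findVulnerableCopies(lock, pkgName, fixedVersion) {
  const findings = [];
  const walk = (path, chain, onStack) => {
    const entry = lock[path];
    const name = nameFromPath(lock, path);
    const nextChain = [...chain, `${name}@${entry.version}`];
    if (name === pkgName && compareVersions(entry.version, fixedVersion) < 0) {
      findings.push({ installPath: path, version: entry.version, chain: nextChain });
    }
    for (const dep of Object.keys(entry.dependencies || {})) {
      const depPath = resolveDependency(lock, path, dep);
      if (depPath === null || onStack.has(depPath)) continue;
      onStack.add(depPath);
      walk(depPath, nextChain, onStack);
      onStack.delete(depPath);
    }
  };
  walk("", [], new Set([""]));
  return findings;
}

// The package.json fragment that makes npm (8.3 or later) install one range
// for every copy of pkgName, however deep it is nested.
function npmOverride(pkgName, range) {
  return { overrides: { [pkgName]: range } };
}

for (const f of findVulnerableCopies(SAMPLE_LOCK, "glob-parent", "5.1.2")) {
  console.log(`${f.installPath} (${f.version}): ${f.chain.join(" > ")}`);
}
console.log(JSON.stringify(npmOverride("glob-parent", "^6.0.1"), null, 2));
```

For the json5 question the call is findVulnerableCopies(lock, "json5", "1.0.2"); the lock object would come from JSON.parse of the real package-lock.json, with its "packages" property passed in. The overrides field needs npm 8.3 or later (Yarn classic uses "resolutions" for the same purpose). Forcing dependents that declared glob-parent ^3 onto 6.x skips two major versions, so the tools that pulled the old copy in (gulp in the constructed data) need their tests run after the override is applied, and the caret range keeps npm from pinning below the advisory's fixed version.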

Going round in vulnerability circles installing firebase-tools npm

I'm trying to install firebase tools.
However I am presented with this error:
# npm audit report
express <=4.17.2 || 5.0.0-alpha.1 - 5.0.0-alpha.8
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
Depends on vulnerable versions of qs
fix available via `npm audit fix`
node_modules/firebase-tools/node_modules/express
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install firebase-tools@1.2.0, which is a breaking change
node_modules/firebase-tools/node_modules/got
package-json <=6.5.0
Depends on vulnerable versions of got
node_modules/firebase-tools/node_modules/package-json
latest-version 0.2.0 - 5.1.0
Depends on vulnerable versions of package-json
node_modules/firebase-tools/node_modules/latest-version
update-notifier 0.2.0 - 5.1.0
Depends on vulnerable versions of latest-version
node_modules/firebase-tools/node_modules/superstatic/node_modules/update-notifier
node_modules/firebase-tools/node_modules/update-notifier
firebase-tools >=2.0.0
Depends on vulnerable versions of update-notifier
node_modules/firebase-tools
superstatic >=0.12.11
Depends on vulnerable versions of update-notifier
node_modules/firebase-tools/node_modules/superstatic
minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/firebase-tools/node_modules/minimatch
qs 6.5.0 - 6.5.2 || 6.7.0 - 6.7.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/firebase-tools/node_modules/qs
node_modules/firebase-tools/node_modules/request/node_modules/qs
body-parser 1.19.0
Depends on vulnerable versions of qs
node_modules/firebase-tools/node_modules/body-parser
express <=4.17.2 || 5.0.0-alpha.1 - 5.0.0-alpha.8
Depends on vulnerable versions of qs
node_modules/firebase-tools/node_modules/express
10 vulnerabilities (6 moderate, 4 high)
When I run:
npm audit fix // or
npm audit fix --force
I get the exact same error.
I then tried to see if updating the packages manually would help, for example by running:
npm install qs@latest
But I get the exact same issues.
I have also
deleted my package-lock.json file and the node_modules folder and tried a fresh install. Still yada.
Why can't I seem to break out of this loop?
SOLVED:
I managed to get around it by using the auto install script and not npm from https://firebase.google.com/docs/cli#mac-linux-auto-script:
curl -sL https://firebase.tools | bash
I am able now to use firebase init log in and deploy.... phew!

`npm install @babel/cli` says "WARN deprecated" for four modules. How can I fix these deprecations?

My setup
MacOS = Catalina 10.15.4 (latest version)
nvm = 0.35.3 (latest version)
node.js = 12.16.3 (latest LTS version). Installed inside of nvm directories.
npm = 6.14.4 (latest version). Installed inside of nvm directories.
note: no global installations inside of usr/local.
My problem
I use npm init -y to create my package.json. No problems here.
I use npm install --save-dev @babel/core. No problems here. I get version 7.9.6.
Then when I use npm install --save-dev @babel/cli I am getting back:
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
The @babel/cli version is 7.8.4.
My attempts to fix the problem
npm install chokidar@3 gives me the exact same warnings.
npm install chokidar followed by npm install --save-dev @babel/cli gives me the exact same warnings.
npm upgrade chokidar gives me absolutely nothing. The terminal simply starts a new line.
I have installed xcode's command line tools (version 11.4.1 - latest non-beta) and the problem persists.
I uninstalled node.js and npm and then re-installed using nvm. The problem still persists.
I have tried reading through the installation guides and documentation at www.babeljs.io but a lot of information seems to be out of date and/or are contradicting themselves. I can't find any youtube videos that may discuss the problem because they are also out of date. All the posts on stackoverflow.com that even slightly relate to this issue are also out of date. My biggest problem is trying to find information that isn't out of date.
I'm very stuck. I'm struggling to think of what direction to go in next to try and figure out how to fix these deprecation warnings.
Any help would be really appreciated.
As at 7.10.3, Babel requires the deprecated chokidar to provide backward compatibility for Node 6.
As I understand Babel 8 will drop support for Node 6.
Please see the following 2 babel issues for more information on this topic:
Babel issue 9981 and Babel issue 10684
Regarding urix and resolve-url, the Babel source tree references source-map-resolve@0.5.3 which in turn references the deprecated urix and resolve-url.
As shown in the warning message in your post, the links for resolve-url and urix explain that "The solution is to make your dependency chain update to source-map-resolve version 0.6.0 or later, or switch to dependencies not using source-map-resolve at all." However, whether you are keen to chance messing with the Babel dependency tree is another story.
Deprecated, however, does not mean broken, and as you are using Node 12.16.3 and the warnings state failure only from Node 14+, my expectation is that they should still perform as desired in your scenario.

npm install -g expo-cli not completing installation

I am trying to install the expo-cli using nvm but for some reason it will get to a certain point during installation and then just stop.
I have tried using different node versions along with trying to remove the permissions that could have potentially been blocking the installation, but still no luck. This is what shows in the console:
npm WARN deprecated joi@14.0.4: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated @babel/polyfill@7.4.4: As of Babel 7.4.0, this
npm WARN deprecated package has been deprecated in favor of directly
npm WARN deprecated including core-js/stable (to polyfill ECMAScript
npm WARN deprecated features) and regenerator-runtime/runtime
npm WARN deprecated (needed to use transpiled generator functions):
npm WARN deprecated
npm WARN deprecated > import "core-js/stable";
npm WARN deprecated > import "regenerator-runtime/runtime";
npm WARN deprecated joi@11.4.0: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated topo@2.0.2: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated hoek@4.2.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated topo@3.0.3: This module has moved and is now available at @hapi/topo. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.
npm WARN deprecated hoek@6.1.3: This module has moved and is now available at @hapi/hoek. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.
npm WARN tarball tarball data for @expo/traveling-fastlane-linux@1.9.11 (sha512-xCHnqKfwWYygQfRbi9MGNSG28EHKDtzMB+QDklSH1GeD90TA0beAjlNF+Z+KPxj28s3WZlQr9yw1AqBS7aipcw==) seems to be corrupted. Trying one more time.
Which terminal are you using? If it's Git Bash, the issue arises there; try using any other terminal and it works.
I had this exact same problem ("tarball data for @expo/traveling-fastlane-linux@1.9.11 seems to be corrupted") on the command line (instead of PowerShell) on Windows 10, and running cmd as administrator solved the issue.
I have the same problem. It looks like it is a permission issue. Following the documentation, I reinstalled npm with a node version manager. As I'm a Linux user, I use nvm (check the documentation to choose the adequate manager for your system).
After uninstalling both npm and node, I ran:
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.1/install.sh | bash
Check installation using:
command -v nvm
The output must be nvm.
Finally, run:
npm install -g expo-cli

tried to install expo as "npm install expo-cli --global" but getting many errors

Tried installing using yarn also; that did not work either. Please, anyone, help me with this.
Your environment has been set up for using Node.js 10.16.1 (x64) and npm.
C:\Windows\System32>npm install expo-cli --global
npm WARN deprecated joi@14.0.4: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated @babel/polyfill@7.4.4: As of Babel 7.4.0, this
npm WARN deprecated package has been deprecated in favor of directly
npm WARN deprecated including core-js/stable (to polyfill ECMAScript
npm WARN deprecated features) and regenerator-runtime/runtime
npm WARN deprecated (needed to use transpiled generator functions):
npm WARN deprecated
npm WARN deprecated > import "core-js/stable";
npm WARN deprecated > import "regenerator-runtime/runtime";
npm WARN deprecated joi@11.4.0: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated topo@2.0.2: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated hoek@4.2.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated hoek@6.1.3: This module has moved and is now available at @hapi/hoek. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.
npm WARN deprecated topo@3.0.3: This module has moved and is now available at @hapi/topo. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.
npm WARN tarball tarball data for @expo/traveling-fastlane-darwin@1.9.11 (sha512-nvZSe2FI8cFcv27uosrmjIhfwbuClG+rbMe9OswsdhIVaJkYvF8LN8gIJ/Fsi2S+20GQizxjC11DFq++MOCm+w==) seems to be corrupted. Trying one more time.
Terminate batch job (Y/N)? y
Warnings do not cause any problems with your installation. If there is no error, it is installed normally.
I experienced the same problem since yesterday. My solution is to use some of the installation instructions for React Native CLI Quickstart:
Install Chocolatey from here. If using Windows, run the install instruction from a command prompt as Administrator.
Next, if you already have node.js installed, run this line: choco install python2 jdk8. If not, run choco install -y nodejs.install python2 jdk8. If using Windows, run it from a command prompt as Administrator.
Run this line: npm install -g react-native-cli
And at last, run the line where you previously got stuck: npm install -g expo-cli. This works for me; hopefully it works for you.
If you are using a Mac then follow these steps.
Go to your home directory in the terminal and run this command:
open .npmrc
Check if you have the line below; if so, remove it and save the file:
prefix=/Users/yourname/.nvm/versions/node/v6.11.2
Then run:
npm install expo-cli --global
expo init my-new-project
These steps solved my issue installing Expo CLI globally.
I hope this helps.
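A check for the file the answer above edits, written for this page as an added example (it is not from the answer, from nvm or from npm): it parses an .npmrc, reports a prefix line that points inside an nvm versions tree, and returns the file contents with that line removed. The .npmrc text is constructed, mirroring the line quoted in the answer; nothing here reads or writes the real ~/.npmrc.

```javascript
"use strict";

// Parse the key=value lines of an .npmrc into an object.  Comment lines
// (# or ;) and blank lines are skipped; a later key overwrites an earlier one.
function parseNpmrc(text) {
  const config = {};
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (line === "" || line.startsWith("#") || line.startsWith(";")) continue;
    const eq = line.indexOf("=");
    if (eq === -1) continue;
    config[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return config;
}

// Return the prefix value when it points inside an nvm versions tree
// (<anything>/.nvm/versions/node/<version>), otherwise null.  A prefix such
// as /usr/local is deliberately not reported: the answer is about the stale
// nvm path, not about every prefix setting.
function nvmPrefixIn(text) {
  const prefix = parseNpmrc(text).prefix;
  if (prefix === undefined) return null;
  return /[\\/]\.nvm[\\/]versions[\\/]node[\\/]/.test(prefix) ? prefix : null;
}

// Return the .npmrc text with any prefix line removed, which is the fix the
// answer describes, leaving every other setting and comment untouched.
function withoutPrefix(text) {
  return text
    .split(/\r?\n/)
    .filter((line) => !/^\s*prefix\s*=/.test(line))
    .join("\n");
}

// Constructed sample .npmrc, mirroring the line quoted in the answer.
const SAMPLE_NPMRC = [
  "registry=https://registry.npmjs.org/",
  "; left behind by an old nvm-managed Node",
  "prefix=/Users/yourname/.nvm/versions/node/v6.11.2",
  "save-exact=true",
].join("\n");

const stale = nvmPrefixIn(SAMPLE_NPMRC);
console.log(stale ? `stale nvm prefix: ${stale}` : "no nvm prefix set");
console.log("cleaned .npmrc:\n" + withoutPrefix(SAMPLE_NPMRC));
```

To run it against the real file, read ~/.npmrc with fs.readFileSync and pass the text to nvmPrefixIn; only write the result of withoutPrefix back once you have confirmed the reported path is the old Node directory you no longer use. nvm itself complains when a prefix is configured while it switches versions, so the check is also a quick way to confirm that complaint comes from .npmrc rather than from an environment variable.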
Try installing every dependency listed in that error message:
=> npm install -g @hapi/hapi
Visit hapi.dev.
Update the @hapi dependency. I just did that now and it has reduced the errors, but you will need to find all the errors listed on your own command line.