what is the difference between `-- <package-name#version> and +-- <package-name#version>? - npm

When I run the command: npm list -g --depth=0
The following output is obtained:
output in cmd admin mode
here 2 packages are listed with +-- while another is listed as `--
what is it telling me about that package?
Here 2 packages are listed with +-- while another is listed as `--
what is it telling me about that package?

I think the +-- indicates that the package is a top-level dependency. When there is no +, just --, it is a sub-dependency of another package.

Related

npx exp start is encounter unknown error when running

I am relatively new to React Native development so I am using Expo to launch my developing app to test it out. However, it seems that the command to start the app is encountering an unknown error.
The command I used:
npx expo start --tunnel
npx expo start
The packages that I have in the project:
+-- #babel/core#7.20.12
+-- #egjs/hammerjs#2.0.17 extraneous
+-- #react-navigation/core#6.4.6 extraneous
+-- #react-navigation/elements#1.3.15 extraneous
+-- #react-navigation/native#6.1.4 extraneous
+-- #react-navigation/routers#6.1.6 extraneous
+-- #react-navigation/stack#6.3.14 extraneous
+-- #types/hammerjs#2.0.41 extraneous
+-- color-string#1.9.1 extraneous
+-- color#4.2.3 extraneous
+-- expo-status-bar#1.4.2
+-- expo#47.0.13
+-- fast-deep-equal#3.1.3 extraneous
+-- filter-obj#1.1.0 extraneous
+-- UNMET DEPENDENCY firebase#9.7.0
+-- hoist-non-react-statics#3.3.2 extraneous
+-- nanoid#3.3.4 extraneous
+-- prop-types#15.8.1 extraneous
+-- query-string#7.1.3 extraneous
+-- react-freeze#1.0.3 extraneous
+-- react-native-gesture-handler#2.9.0 extraneous
+-- react-native-safe-area-context#4.4.1 extraneous
+-- react-native-screens#3.18.2 extraneous
+-- react-native#0.70.5
+-- react#18.1.0
+-- simple-swizzle#0.2.2 extraneous
+-- split-on-first#1.1.0 extraneous
+-- strict-uri-encode#2.0.0 extraneous
+-- use-latest-callback#0.1.5 extraneous
`-- warn-once#0.1.1 extraneous
The packages I have globally:
+-- #expo/ngrok#
+-- expo-cli#6.3.1
`-- npm#9.5.0
This is the result I received:
*QR code generated*
Logs for your project will appear below. Press Ctrl+C to exit.
› Detected a change in babel.config.js. Restart the server to see the new results. You may need to clear the bundler cache with the --clear flag for your changes to take effect.
node:events:491
throw er; // Unhandled 'error' event
^
Error: UNKNOWN: unknown error, lstat 'C:\Users\loral\OneDrive\subjects\year 2\SEG\Bytes\Bytes\BytesApp\node_modules\.react-native-MGkSht9O\React\Base'
Emitted 'error' event on NodeWatcher instance at:
at NodeWatcher.checkedEmitError (C:\Users\loral\OneDrive\subjects\year 2\SEG\Bytes\Bytes\BytesApp\node_modules\metro-file-map\src\watchers\NodeWatcher.js:144:12)
at Walker.emit (node:events:513:28)
at C:\Users\loral\OneDrive\subjects\year 2\SEG\Bytes\Bytes\BytesApp\node_modules\walker\lib\walker.js:52:12
at FSReqCallback.oncomplete (node:fs:207:21) {
errno: -4094,
code: 'UNKNOWN',
syscall: 'lstat',
path: "C:\\Users\\loral\\OneDriven\\subjects\\year 2\\SEG\\Bytes\\Bytes\\BytesApp\\node_modules\\.react-native-MGkSht9O\\React\\Base"
}
Can someone please tell me what is causing this problem?
It was working fine for a while, however, it started to give me this error.
I tried
npm install
npm audit fix --force
npx expo install
but none of these command seems to work.
I have reinstalled expo-cli and reinstall Nodejs as well.

difference between `-- and +-- after running npm list

Whilst addressing GitHub dependabot updates, I've been looking through the dependencies list created after running npm ls -a.
I (think I) understand the nesting involved: a pipe indicates that packages below are part of the dependencies list, and so on.
see image created from running npm ls -a > file.txt
What I don't understand is the difference between +-- and `--.
After looking at it for the best part of an hour (embarassingly) my best guess is that `-- indicates the last package in a given nesting, whilst +-- is an indication there are more packages.
It would be great if anybody could help clarify and enlighten me on what's getting output here.
Yep, it just means "the last one at this level". Depending on your locale, npm draws a nice little Unicode box drawing "end hook" thing, or the approximation you were seeing:
/tmp/example > LC_ALL=en_US.UTF-8 npm ls -a
example# /tmp/example
└─┬ string-width#5.1.2
├── eastasianwidth#0.2.0
├── emoji-regex#9.2.2
└─┬ strip-ansi#7.0.1
└── ansi-regex#6.0.1
/tmp/example > LC_ALL=C npm ls -a
example# /tmp/example
`-- string-width#5.1.2
+-- eastasianwidth#0.2.0
+-- emoji-regex#9.2.2
`-- strip-ansi#7.0.1
`-- ansi-regex#6.0.1
If you don't want to change your locale, but do want npm ls to use the better-looking glyphs, you can pass --unicode.

how to resolve cve CVE-2020-28052 json-schema for npm

By performing a dependency check using owasp 7.0.4 on my project, which uses java for BE and JS for BFE, i got ceveral CVEs noted over 8. One is the json-schema package used by npm. This the packages configuration in the package.json:
dependency:
"json-schema": "^0.4.0"
"npm": "^7.13.0"
when calling the command npm ls json-schema to check json-schema use i got:
+-- json-schema#0.4.0
+-- lerna#4.0.0
| `-- #lerna/add#4.0.0
| `-- pacote#11.3.5
| `-- #npmcli/run-script#1.8.6
| `-- node-gyp#7.1.2
| `-- request#2.88.2
| `-- http-signature#1.2.0
| `-- jsprim#1.4.2
| `-- json-schema#0.4.0 deduped
`-- npm#7.24.2
`-- node-gyp#7.1.2
`-- request#2.88.2
`-- http-signature#1.2.0
`-- jsprim#1.4.1
`-- json-schema#0.2.3
I see that i need to somehow force npm use the latest json-schema version.
Can please anyone give me a hint, if this is the right way and how to achieve it?
Problem solved by updating npm to 8.6.0

How to resolve the transitive dependencies of different versions in npm?

My application depends on npm packages ajv-keywords & #apideck/better-ajv-errors which in turn are dependent on package ajv but of different versions as shown in below errors.
npm ERR! peer dep missing: ajv#^6.9.1, required by ajv-keywords#3.5.2
npm ERR! peer dep missing: ajv#>=8, required by #apideck/better-ajv-errors#0.2.5
Solutions I tried with no effect -
Installed and executed npm-install-peers
Solution mentioned in https://stackoverflow.com/a/56495651/16958085
Below graph shows how the two packages are loaded -
> npm ls #apideck/better-ajv-errors#0.2.5
`-- my-app#0.1.8
`-- react-scripts#5.0.0-next.37
`-- workbox-webpack-plugin#6.2.4
`-- workbox-build#6.2.4
`-- #apideck/better-ajv-errors#0.2.5
> npm ls ajv-keywords#3.5.2
+-- babel-loader#8.2.2
| `-- schema-utils#2.7.1
| `-- ajv-keywords#3.5.2
+-- my-app#0.1.8
| `-- react-scripts#5.0.0-next.37
| `-- react-dev-utils#12.0.0-next.37
| `-- fork-ts-checker-webpack-plugin#6.0.5
| `-- schema-utils#2.7.0
| `-- ajv-keywords#3.5.2 deduped
`-- webpack#5.53.0
`-- schema-utils#3.1.1
`-- ajv-keywords#3.5.2 deduped
Please suggest an appropriate solution to satisfy both the dependencies.
that's never a fun situation to be in, and can't say either npm nor yarn have ever managed solved this completely/cleanly.
Normally, you'd be stuck waiting for your dependencies to unpin, or upgrade their versions...
That said, not sure if you have a specific requirement to use an older version of ajv-keywords, but the latest ajv-keywords uses ajv v8.
updating your package.json with
"ajv-keywords": "^5.0.0"
and re-running npm install should get you there.
If in doubt, be sure to review their readme to verify the update doesn't imply any unexpected changes for you.

Mismatch npm? Why does 'yo generator-jhipster' not show oracle in my database options?

The latest version of jHipster gives different options than the one being displayed in my command prompt. I am wondering why am I missing some things like the oracle database option?
Does anyone have any ideas? Doing npm list generator-jhipster shows that I in fact DO have the current latest version.
This is what I should see:
What I should see
Versus what I actually see:
https://twitter.com/BuilderDeviser/status/694251531261050882
Doing an npm list -g --depth=0 :
C:\Program Files\nodejs
+-- bower#1.7.7
+-- capslink#0.0.0
+-- generator-jhipster#2.27.0
+-- grunt-cli#0.1.13
+-- gulp#3.9.0
+-- npm#3.6.0
+-- reinstall#1.1.0
+-- semver#5.1.0
+-- strongloop#6.0.0
`-- yo#1.6.0
Found the problem.... i did a drive search for 'generator-jhipster' and windows found all folders of that name.
I looked at each path and found that generator-jhipster way back from 2.7 was still hanging around in zip format. I definitely don't need that anymore. I ended up trashing any old instances of generator-jhipster and any cache/temp locations.
I reinstalled forcing npm to target 2.27 by doing 'npm install -g generator-jhipster#2.27'
Now I have the current and latest version of jhipster runnning!