Modifying an npm package locally to manually fix dependency tree issues? - npm

In the process of learning nest.js, I've run into an npm dependency tree issue.
I'm attempting to do something like npm install --save-dev #types/bcrypt #types/passport #types/passport-jwt. This (and similar npm commands) will throw this error:
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR!
npm ERR! While resolving: #nestjs/passport#8.2.1
npm ERR! Found: passport#0.6.0
npm ERR! node_modules/passport
npm ERR! passport#"^0.6.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer passport#"^0.4.0 || ^0.5.0" from #nestjs/passport#8.2.1
npm ERR! node_modules/#nestjs/passport
npm ERR! #nestjs/passport#"^8.2.1" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: passport#0.5.3
npm ERR! node_modules/passport
npm ERR! peer passport#"^0.4.0 || ^0.5.0" from #nestjs/passport#8.2.1
npm ERR! node_modules/#nestjs/passport
npm ERR! #nestjs/passport#"^8.2.1" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
I've traced the problem to the following:
I currently have version 8.2.1 of #nestjs/passport installed - this was released on Feb 16
I can see in my local folder of node_modules/#nestjs/passport/package.json that it has the dependency "passport": "^0.4.0 || ^0.5.0 , as the terminal error implies
In the current Github version of #nestjs/passport, however, I see that they've updated that line to include || ^0.6.0 in late May link
#nestjs/passport hasn't created a new release with this (and other) updates yet though.
Two things I'm wondering:
How can I resolve this dependency issue now, before the maintainers of #nestjs/passport publish their next release?
Why doesn't it work for me to go into my local node_modules/#nestjs/passport/package.json file and manually change it to include ^0.6.0? (After doing that, saving the file, and trying the npm commands again, I still get the same dependency errors)

NPM has already answered the question for you, there are two solution you can try, either run :
npm install --legacy-peer-deps
This section from the npm blog explains what that command does:
We have identified automatic peerDependencies installation as a potentially disruptive change for many users (albeit one that we are confident is the correct behavior for a package manager), we have some tools to minimize this disruption, based on the feedback we get.
We are confident that resolving package trees such that peerDependencies are properly accounted for is the right thing to do. After all, an error here can result in a production issue that’s very difficult to debug later, especially if it occurs deep in a node_modules tree. However, years of not resolving peerDependencies has allowed many projects to fail to notice these problems.
In order to get unblocked and install your project in spite of peerDependencies conflicts, you can use the --legacy-peer-deps flag at install time. It may be that the disruption is too great to take all at once, and we have to have this flag enabled by default for a while as projects gradually update their conflicting dependencies. Our intent is to let the beta give us some more data points to help make that decision carefully.
Or force passport into installing (I'm not sure that is recommended)
npm install [package] --force
This will force npm to fetch remote resources even if a local copy exists on disk.
Good Luck.

Related

Fix the upstream dependency conflict tfjs-react-native

I'm trying to install tfjs-react-native for a project that it's also using expo-camera but I get an error.
I followed the instructions on https://www.npmjs.com/package/#tensorflow/tfjs-react-native and installed every dependency, but I fail at the last step which is:
npm install #tensorflow/tfjs-react-native
I'm not able to understand what it's asking me. It seems that tfjs-react-native tries to use expo-camera#7 and I have installed the last one which is 12.3.0. Is that the problem? If so how can I fix this?
Hopefully somebody can help me out. Thanks
While resolving: alpr#1.0.0 npm ERR! Found: expo-camera#12.3.0 npm
ERR! node_modules/expo-camera npm ERR! expo-camera#"~12.3.0" from
the root project npm ERR! npm ERR! Could not resolve dependency: npm
ERR! peer expo-camera#"^7.0.0" from
#tensorflow/tfjs-react-native#0.8.0 npm ERR!
node_modules/#tensorflow/tfjs-react-native npm ERR!
#tensorflow/tfjs-react-native#"^0.8.0" from the root project npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry npm ERR! this
command with --force, or --legacy-peer-deps npm ERR! to accept an
incorrect (and potentially broken) dependency resolution.
I solved it using --legacy-peer-deps. Now I was able to install it, my project still don't work but I will post the problem in another question.

I am not able to install npm packages on my vaadin project

happy new year!
Any package that I am trying to install I am getting this:
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR!
npm ERR! While resolving: #rollup/pluginutils#3.1.0
npm ERR! Found: dev #rollup/plugin-typescript#"^3.0.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! dev #rollup/plugin-typescript#"^3.0.0" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See ~/.npm/eresolve-report.txt for a full report.
npm ERR! A complete log of this run can be found in:
npm ERR! ~/.npm/_logs/2022-01-02T16_54_42_026Z-debug.log
I am trying to use this npm install --save #fortawesome/fontawesome-free
I don't understand what could be wrong.
as it said in the error, you are handling an old package dependency and therefore you can use --force, or --legacy-peer-deps
Another solution that worked for me, and I think is better, try to install it through pnpm, as it seems to handle it.
I will guess you have decided to update npm itself recently on your local env.
if you run the following (as per your error message), it should install dependencies without trouble.
npm i --legacy-peer-deps
Running npm v8+ to update your dependencies will upgrade the version of your package-lock.json. The issue is that your repo libraries have many old dependencies which might not be compatible with this update. When you run npm with --legacy-peer-deps it uses the old ways...
I have encountered similar problems. After checking, I found that the primary group permission of the node program home directory is 500.500, which needs to be set to root root
Did you try this :
sudo npm install --save #fortawesome/fontawesome-free

How to handle conflicting peer dependencies?

As a devDependency I have installed "#typescript-eslint/parser": "~4.31.2"
Running npm install tells me, that a package needs 4.20.0 and another one 4.28.3 - if I understand the error correctly.
How do I handle these npm package conflicts?
npm ERR! While resolving: #nrwl/eslint-plugin-nx#12.9.0
npm ERR! Found: #typescript-eslint/parser#4.31.2
npm ERR! node_modules/#typescript-eslint/parser
npm ERR! dev #typescript-eslint/parser#"~4.31.2" from the root project
npm ERR! #typescript-eslint/parser#"^4.20.0" from eslint-config-next#11.1.2
npm ERR! node_modules/eslint-config-next
npm ERR! dev eslint-config-next#"11.1.2" from the root project
npm ERR! eslint-config-next#"^11.1.0" from #nrwl/next#12.9.0
npm ERR! node_modules/#nrwl/next
npm ERR! dev #nrwl/next#"12.9.0" from the root project
npm ERR! 1 more (#typescript-eslint/eslint-plugin)
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer #typescript-eslint/parser#"~4.28.3" from #nrwl/eslint-plugin-nx#12.9.0
npm ERR! node_modules/#nrwl/eslint-plugin-nx
npm ERR! dev #nrwl/eslint-plugin-nx#"12.9.0" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: #typescript-eslint/parser#4.28.5
npm ERR! node_modules/#typescript-eslint/parser
npm ERR! peer #typescript-eslint/parser#"~4.28.3" from #nrwl/eslint-plugin-nx#12.9.0
npm ERR! node_modules/#nrwl/eslint-plugin-nx
npm ERR! dev #nrwl/eslint-plugin-nx#"12.9.0" from the root project
You are using npm 7.x, which is more strict about peer dependencies than npm 6.x. The easiest solution is to run npm install with the --legacy-peer-deps flag. In theory, that may result in some incompatibility issues with peer dependencies. In practice, a lot of people do it anyway. And a lot of people are running npm 6.x and that is the default behavior there, so a lot of people are doing it perhaps without even realizing it.
In your case, #nrwl/eslint-plugin-nx#12.9.0 says that it requires #typescript-eslint/parser#4.28.x and you are installing #typescript-eslint/parser#4.31.2. So if you don't want to use npm 6.x or the --legacy-peer-deps solution, another possibility is to install #typescript-eslint/parser#4.28.5 instead of 4.31.2.
Another thing you can do is open a pull request to update #nrwl/eslint-plugin-nx to use ^ in the relevant peerDependencies entry instead of ~. That will allow 4.x for the peer dependency, rather than limiting it to 4.28.x. It's possible they limited it so severely on purpose, but probably not. (I went to look, but there are hundreds of issues opened in that repository so I didn't spend time looking through them.)
Encountered similar errors when running an Azure DevOps build pipeline (which hadn't changed) against source code that also hadn't changed.
Adding the -g npm-reinstall option to the npm install step resolved the issue.
npm install -g npm-reinstall
While using nx monorepo the solution was to run nx migrate 'package'
e.g.
nx migrate #typescript-eslint/parser

How do I read npm "conflicting peer dependency" error messages?

I'm in the process of trying to upgrade some npm dependencies of a project I own, and I'm getting a "conflicting peer dependency" error.
I see a lot of questions on this site asking for help fixing such errors. However, I've struggled to find information on what these errors actually mean. I feel like if I understood that, I'd have a chance of figuring out how to solve the problem on my own.
Here's the error message I'm trying to interpret:
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! Found: #angular-devkit/build-angular#0.1102.5
npm ERR! node_modules/#angular-devkit/build-angular
npm ERR! dev #angular-devkit/build-angular#"~0.1102.9" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! dev #angular-devkit/build-angular#"~0.1102.9" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: #angular/localize#11.2.10
npm ERR! node_modules/#angular/localize
npm ERR! peerOptional #angular/localize#"^11.0.0 || ^11.2.0-next" from #angular-devkit/build-angular#0.1102.9
npm ERR! node_modules/#angular-devkit/build-angular
npm ERR! dev #angular-devkit/build-angular#"~0.1102.9" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
This can be reproduced by running npm install in the root of this Github branch (I'm using npm 7.10.0.)
My general understanding of a "conflicting peer dependency" error is that some package I depend upon is expressing a peer dependency on a package version spec which does not match the version of that package that I actually have installed.
For example, if my project has direct dependencies on packages A and B, and I have version 12.0.0 of A installed but my version of B has a peer dependency on ^11.0.0 of package A, then I will get a conflicting peer dependency error, because I'm using B with a version of A that it is potentially incompatible with.
Therefore, my best guess as to what this error message could mean is that some package I depend upon has a peer dependency on #angular/localize version spec ^11.0.0 || ^11.2.0-next, but this spec does not match the version of #angular/localize I have installed.
When I look at my package-lock.json, I do see that the node_modules/#angular-devkit/build-angular entry has an entry "#angular/localize": "^11.0.0 || ^11.2.0-next" in its peerDependencies.
However, this is the only mention of #angular/localize anywhere in this file -- or indeed in package.json. I haven't explicitly requested for it to be installed. Furthermore, it is marked as "optional": true in the peerDependenciesMeta of node_modules/#angular-devkit/build-angular. So it's surprising to see an error message related to it.
The error mentions that the specific conflicting peer dependency is #angular/localize#11.2.10. I don't see where that version number is coming from. But regardless, it actually seems to match the dependency specification underneath: if I go to semver.npmjs.com and type in #angular/localize as the package and ^11.0.0 || ^11.2.0-next as the version range, I see version 11.2.10 of the package highlighted in green, indicating that it matches the range.
So I'd really appreciate some help understanding in detail what this error message is telling me. I don't know why npm is trying to install 11.2.10 of #angular/localize, or why it thinks this conflicts with the peer dependency specification of #angular-devkit/build-angular. It feels like I might be misunderstanding this message completely.
I'm guessing this boils down to some kind of incompatibility between the latest published versions of some of the Angular packages. If anyone has any pointers on how this particular error should be fixed, that would be great -- but I'm much more interested in simply understanding what the error message is telling me, so I can work it out for myself.
Recommendation:
Check out Yarn.
I was able to circumvent the issue in NPM by using Yarn instead of NPM. Yarn is basically a wrapper utility around NPM that adds extra features, which are super useful. It's especially helpful for managing NPM dependencies better.
For instance, it can check if a package is already installed on your machine for another project, directly or as a sub dependency, and can reuse that installed version rather than re-installing a copy of the same package; saves space and makes for faster installations, especially with some of the most common dependencies.
So, due to the optimized way Yarn handles dependencies, I think it helps avoid this issue faced by the OP.
Resolution:
First, delete the node_modules folder in your project.
Yarn will complain about any package-lock.json files, so delete that too (or back it up, then delete it). Do not delete package.json, yarn will need that.
Simply install yarn: npm i yarn (you could do this globally, too).
Then run yarn install in your project directory.
Reading through this GitHub issue, it appears my interpretation of the error message was correct, and that this is in fact a bug in npm.
This appears to have been reported as npm/cli/issues/3083; a fix has been merged, so I guess we just have to wait until it gets included in some upcoming npm release.

NPM install only creating a package-lock.json?

I am working on a Microsoft Surface 3 running Windows 10. I use git bash for windows for file system management. I'm running npm version 6.14.4 and node version 12.16.2
I'm currently working on an app for some school work and want to run a lite-server instead of vscode's go live extension.
My understanding is that npm install should be run outside of the application as a best practice, but once it's running, you can go back in your terminal in vscode and use npm run start or npm run dev to get the server up. I learned that the two-step process from an online course where I cloned the instructor's work from his Github. In other words, he may have done some preliminary steps that I'm leaving out unintentionally.
I visited the npm docs and spend about an hour familiarizing myself with the technology. Found a nice, simple set of commands to get moving:
$ npm install lite-server --save-dev
(which I run in the project's root folder from git bash)
$ yarn add lite-server --dev # or yarn
...and add a "script" entry within your project's package.json file:
Inside package.json...
"scripts": {
"dev": "lite-server"
},
With the above script entry, you can then start lite-server via:
$ npm run dev
Problem is, I get loads of errors upon NPM install, no package.json file is generated (only a package-lock.json), and attempting npm run dev brings up multiple errors.
From NPM install, I see the following issues mostly:
I get deprecated warnings, chokidar, fsevents, urix, etc.
npm WARN deprecated chokidar#2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated fsevents#1.2.12: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated urix#0.1.0: Please see https://github.com/lydell/urix#deprecated
I am always getting this package-lock.json notice, not sure what it is:
npm notice created a lockfile as package-lock.json. You should commit this file.
Obviously loads of "skipping optional dependency" warnings:
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#^1.2.7 (node_modules\chokidar\node_modules\fsevents):
I get "no such file or directory" warnings:
npm WARN enoent ENOENT: no such file or directory, open 'C:\Users\smansfield\desktop\bootcamp_code_responses\class_content_1\activity_4\package.json'
I get these warnings:
npm WARN activity_4 No description
npm WARN activity_4 No repository field.
npm WARN activity_4 No README data
npm WARN activity_4 No license field.
From npm run dev I'm getting these errors:
npm ERR! code ENOENT
npm ERR! syscall open
npm ERR! path C:\Users\smansfield\Desktop\bootcamp_code_responses\class_content_1\activity_4\package.json
npm ERR! errno -4058
npm ERR! enoent ENOENT: no such file or directory, open 'C:\Users\smansfield\Desktop\bootcamp_code_responses\class_content_1\activity_4\package.json'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\smansfield\AppData\Roaming\npm-cache_logs\2020-04-26T17_59_00_317Z-debug.log
I've searched all manner of blogs for any insight on these items... No one seems to have posted about these exact items:
why NPM install is responding with so many errors, deprecation, etc.
why am I only getting package-lock.json upon install?
why am I always getting these errors when I try to spin up the lite-server, especially these ENOENT codes and path errors?
Thank you for any insight you can provide me on this. I'll most certainly pay it forward.
Sam
Try run npm init first. It will initialize your project with npm.