Fixing vulnerabilities reported by npm audit - npm

I'm trying to fix 3 vulnerabilities identified by npm audit, but it seems like these can't be resolved automatically with npm audit fix.
❯ npm audit fix
npm WARN audit fix ansi-regex@5.0.0 node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex
npm WARN audit fix ansi-regex@5.0.0 is a bundled dependency of
npm WARN audit fix ansi-regex@5.0.0 npm@8.5.0 at node_modules/npm
npm WARN audit fix ansi-regex@5.0.0 It cannot be fixed automatically.
npm WARN audit fix ansi-regex@5.0.0 Check for updates to the npm package.
npm WARN audit fix ansi-regex@3.0.0 node_modules/npm/node_modules/string-width/node_modules/ansi-regex
npm WARN audit fix ansi-regex@3.0.0 is a bundled dependency of
npm WARN audit fix ansi-regex@3.0.0 npm@8.5.0 at node_modules/npm
npm WARN audit fix ansi-regex@3.0.0 It cannot be fixed automatically.
npm WARN audit fix ansi-regex@3.0.0 Check for updates to the npm package.
npm WARN audit fix strip-ansi@4.0.0 node_modules/npm/node_modules/string-width/node_modules/strip-ansi
npm WARN audit fix strip-ansi@4.0.0 is a bundled dependency of
npm WARN audit fix strip-ansi@4.0.0 npm@8.5.0 at node_modules/npm
npm WARN audit fix strip-ansi@4.0.0 It cannot be fixed automatically.
npm WARN audit fix strip-ansi@4.0.0 Check for updates to the npm package.
npm WARN audit fix string-width@2.1.1 node_modules/npm/node_modules/string-width
npm WARN audit fix string-width@2.1.1 is a bundled dependency of
npm WARN audit fix string-width@2.1.1 npm@8.5.0 at node_modules/npm
npm WARN audit fix string-width@2.1.1 It cannot be fixed automatically.
npm WARN audit fix string-width@2.1.1 Check for updates to the npm package.
up to date, audited 1898 packages in 3s
185 packages are looking for funding
run `npm fund` for details
# npm audit report
ansi-regex >2.1.1 <5.0.1
Severity: moderate
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex
node_modules/npm/node_modules/string-width/node_modules/ansi-regex
strip-ansi 4.0.0 - 5.2.0
Depends on vulnerable versions of ansi-regex
node_modules/npm/node_modules/string-width/node_modules/strip-ansi
string-width 2.1.0 - 4.1.0
Depends on vulnerable versions of strip-ansi
node_modules/npm/node_modules/string-width
3 moderate severity vulnerabilities
To address all issues, run:
npm audit fix
I'm not sure if this is related to this existing bug or not, as the WARN messages specifically state that it cannot be fixed automatically.
How can I fix these?
I've tried going through the answers in this similar SO post, but that doesn't resolve any of them. I've tried installing the latest ansi-regex, but that doesn't make any difference.
Is there any way for me to identify which dependency I have explicitly introduced (i.e. is in my dependencies or devDependencies in package.json) that has implicitly pulled in this vulnerable dependency? None of the packages mentioned in the message exist in my package.json.
ansi-regex is mentioned 49 times in my package-lock.json - do I need to sift through all these and tweak versions manually (sounds dangerous)?
Sorry for such a generic (yet very specific) question. Any help would be appreciated!
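An added example, not code from the question or any answer on this page: a small Node.js script that answers the "which of my direct dependencies pulls this in?" question by walking a package-lock.json (the `packages` map of lockfileVersion 2 or 3) backwards from the path that `npm audit` prints up to the root project, using the same lookup rule npm applies (the nearest enclosing node_modules/<name>). The lockfile object, the package `some-cli` and the versions in it are constructed for the example; on a real project, `npm ls <name>` or `npm explain <name>` (npm 7 and later) print the same chains from the actual tree. Note that a path beginning with node_modules/npm/ belongs to the copy bundled inside npm itself, which is the case in the output above and why the WARN lines point at updating the npm package rather than anything in your own package.json.

```javascript
// Added example (not from the question or answers above): find which direct
// dependencies of the root project pull in the package at a lockfile path.
// LOCK is constructed for this example and mirrors the shape of a real
// package-lock.json (lockfileVersion 2/3) "packages" map.
const LOCK = {
  name: 'example-app',
  lockfileVersion: 2,
  packages: {
    '': { dependencies: { 'cli-table3': '^0.6.0' }, devDependencies: { 'some-cli': '^1.0.0' } },
    'node_modules/cli-table3': { version: '0.6.0', dependencies: { 'string-width': '^4.2.0' } },
    'node_modules/string-width': { version: '4.2.3', dependencies: { 'strip-ansi': '^6.0.0' } },
    'node_modules/strip-ansi': { version: '6.0.1', dependencies: { 'ansi-regex': '^5.0.1' } },
    'node_modules/ansi-regex': { version: '5.0.1' },
    // some-cli (hypothetical) pins an old string-width, so npm nests an old
    // strip-ansi and an ansi-regex 3.0.0 (inside the advisory's range) under it
    'node_modules/some-cli': { version: '1.0.0', dev: true, dependencies: { 'string-width': '^2.1.1' } },
    'node_modules/some-cli/node_modules/string-width': { version: '2.1.1', dev: true, dependencies: { 'strip-ansi': '^4.0.0' } },
    'node_modules/some-cli/node_modules/strip-ansi': { version: '4.0.0', dev: true, dependencies: { 'ansi-regex': '^3.0.0' } },
    'node_modules/some-cli/node_modules/ansi-regex': { version: '3.0.0', dev: true },
  },
};

// npm's resolution rule: a package at `fromPath` requiring `name` gets the
// nearest node_modules/<name> walking up towards the root ('' is the root).
function resolveDep(lock, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = base === '' ? `node_modules/${name}` : `${base}/node_modules/${name}`;
    if (lock.packages[candidate]) return candidate;
    if (base === '') return null;
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

// Reverse edges: for every package path, which paths depend on it.
function buildDependents(lock) {
  const dependents = new Map();
  for (const [path, pkg] of Object.entries(lock.packages)) {
    const specs = Object.assign({}, pkg.dependencies, pkg.devDependencies,
      pkg.optionalDependencies, pkg.peerDependencies);
    for (const name of Object.keys(specs)) {
      const target = resolveDep(lock, path, name);
      if (target === null) continue; // unmet optional or peer dependency
      if (!dependents.has(target)) dependents.set(target, []);
      dependents.get(target).push(path);
    }
  }
  return dependents;
}

function label(lock, path) {
  if (path === '') return `${lock.name} (root project)`;
  const name = path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length);
  return `${name}@${lock.packages[path].version}`;
}

// All chains from the package at `targetPath` up to the root project,
// innermost package first, in the order `npm explain` prints them.
function explain(lock, targetPath) {
  if (!lock.packages[targetPath]) throw new Error(`no such path in lockfile: ${targetPath}`);
  const dependents = buildDependents(lock);
  const chains = [];
  const walk = (path, chain, seen) => {
    if (path === '') { chains.push(chain); return; }
    if (seen.has(path)) return; // cycle guard
    const next = new Set(seen).add(path);
    for (const parent of dependents.get(path) || []) {
      walk(parent, chain.concat(label(lock, parent)), next);
    }
  };
  walk(targetPath, [label(lock, targetPath)], new Set());
  return chains;
}

// The direct dependencies (entries in your own package.json) to look at.
function rootDependenciesPullingIn(lock, targetPath) {
  return [...new Set(explain(lock, targetPath).map(chain => chain[chain.length - 2]))];
}

// Usage: the path is the one `npm audit` prints under the advisory.
for (const chain of explain(LOCK, 'node_modules/some-cli/node_modules/ansi-regex')) {
  console.log(chain.join(' <- '));
}
```

To use it on a real project, replace `LOCK` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` and pass each path from the audit report; the last-but-one entry of every chain is the package.json entry whose upgrade (or replacement) removes the vulnerable copy.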

I had this issue as well and found this answer very helpful.
Please read the comments though because it can cause issues if you don't have thorough enough test coverage. Also, I am using shrinkwrap in place of package-lock, so I deleted my shrinkwrap file, not package-lock.
I had deleted my lock file, but the key for me was deleting the node_modules directory.
Best of luck!

Related

Vue JS installation WARN deprecated

I have a number of warnings while I am trying to install Vue JS. How can I solve this issue?
npm i -g @vue/cli
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated subscriptions-transport-ws@0.11.0: The subscriptions-transport-ws package is no longer maintained. We recommend you use graphql-ws instead. For help migrating Apollo software to graphql-ws, see https://www.apollographql.com/docs/apollo-server/data/subscriptions/#switching-from-subscriptions-transport-ws For general help using graphql-ws, see https://github.com/enisdenjo/graphql-ws/blob/master/README.md
changed 852 packages, and audited 853 packages in 16m
4 vulnerabilities (2 moderate, 2 high)
To address all issues (including breaking changes), run:
npm audit fix --force
Run npm audit for details.
Moreover, I already tried with npm audit fix --force. Please help me to solve this issue if anyone has an idea.
Thanks in advance

npm deprecated package problem, npm audit fix --force cannot run

$ npm --version
8.0.0
$ npm i uncss -g
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
changed 115 packages, and audited 116 packages in 2s
4 packages are looking for funding
run `npm fund` for details
1 moderate severity vulnerability
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
I got the above warnings. But I cannot fix them, as shown below. How do I fix this?
$ npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm ERR! code ENOLOCK
npm ERR! audit This command requires an existing lockfile.
npm ERR! audit Try creating one first with: npm i --package-lock-only
npm ERR! audit Original error: loadVirtual requires existing shrinkwrap file
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/myuser/.npm/_logs/2022-07-23T03_14_54_574Z-debug.log

problems with package install with npm

Goodnight all.
When I try to install a package I get the error you can see below and nothing installs.
up to date, audited 488 packages in 4s
13 packages are looking for funding
run `npm fund` for details
8 vulnerabilities (5 moderate, 3 high)
To address all issues, run:
npm audit fix
Run `npm audit` for details.
So I did npm audit fix but here is what it gets me.
PS C:\Users\Elève\OneDrive - Conseil régional Grand Est - Numérique Educatif\Bureau\wolfyz-bot> npm audit fix
npm WARN audit fix json-schema@0.2.3 node_modules/npm/node_modules/json-schema
npm WARN audit fix json-schema@0.2.3 is a bundled dependency of
npm WARN audit fix json-schema@0.2.3 npm@7.24.2 at node_modules/npm
npm WARN audit fix json-schema@0.2.3 It cannot be fixed automatically.
(I do not include all the WARN lines because it would be too long. Just below the warnings, here is what I have.)
Depends on vulnerable versions of strip-ansi
node_modules/npm/node_modules/string-width
glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix`
node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/chokidar
live-server >=1.2.0
Depends on vulnerable versions of chokidar
node_modules/live-server
json-schema <0.4.0
Severity: moderate
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/npm/node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/npm/node_modules/jsprim
8 vulnerabilities (5 moderate, 3 high)
To address all issues, run:
npm audit fix
In summary, when I do npm audit fix, it advises me to do npm audit fix which I did...
Can you help me please?
As the output states, it cannot automatically fix it:
npm WARN audit fix json-schema@0.2.3 It cannot be fixed automatically.
You can either ignore it, or manually update json-schema and look for compatibility issues.

How do I read npm "conflicting peer dependency" error messages?

I'm in the process of trying to upgrade some npm dependencies of a project I own, and I'm getting a "conflicting peer dependency" error.
I see a lot of questions on this site asking for help fixing such errors. However, I've struggled to find information on what these errors actually mean. I feel like if I understood that, I'd have a chance of figuring out how to solve the problem on my own.
Here's the error message I'm trying to interpret:
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! Found: @angular-devkit/build-angular@0.1102.5
npm ERR! node_modules/@angular-devkit/build-angular
npm ERR! dev @angular-devkit/build-angular@"~0.1102.9" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! dev @angular-devkit/build-angular@"~0.1102.9" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: @angular/localize@11.2.10
npm ERR! node_modules/@angular/localize
npm ERR! peerOptional @angular/localize@"^11.0.0 || ^11.2.0-next" from @angular-devkit/build-angular@0.1102.9
npm ERR! node_modules/@angular-devkit/build-angular
npm ERR! dev @angular-devkit/build-angular@"~0.1102.9" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
This can be reproduced by running npm install in the root of this GitHub branch (I'm using npm 7.10.0).
My general understanding of a "conflicting peer dependency" error is that some package I depend upon is expressing a peer dependency on a package version spec which does not match the version of that package that I actually have installed.
For example, if my project has direct dependencies on packages A and B, and I have version 12.0.0 of A installed but my version of B has a peer dependency on ^11.0.0 of package A, then I will get a conflicting peer dependency error, because I'm using B with a version of A that it is potentially incompatible with.
Therefore, my best guess as to what this error message could mean is that some package I depend upon has a peer dependency on @angular/localize version spec ^11.0.0 || ^11.2.0-next, but this spec does not match the version of @angular/localize I have installed.
When I look at my package-lock.json, I do see that the node_modules/@angular-devkit/build-angular entry has an entry "@angular/localize": "^11.0.0 || ^11.2.0-next" in its peerDependencies.
However, this is the only mention of @angular/localize anywhere in this file -- or indeed in package.json. I haven't explicitly requested for it to be installed. Furthermore, it is marked as "optional": true in the peerDependenciesMeta of node_modules/@angular-devkit/build-angular. So it's surprising to see an error message related to it.
The error mentions that the specific conflicting peer dependency is @angular/localize@11.2.10. I don't see where that version number is coming from. But regardless, it actually seems to match the dependency specification underneath: if I go to semver.npmjs.com and type in @angular/localize as the package and ^11.0.0 || ^11.2.0-next as the version range, I see version 11.2.10 of the package highlighted in green, indicating that it matches the range.
So I'd really appreciate some help understanding in detail what this error message is telling me. I don't know why npm is trying to install 11.2.10 of @angular/localize, or why it thinks this conflicts with the peer dependency specification of @angular-devkit/build-angular. It feels like I might be misunderstanding this message completely.
I'm guessing this boils down to some kind of incompatibility between the latest published versions of some of the Angular packages. If anyone has any pointers on how this particular error should be fixed, that would be great -- but I'm much more interested in simply understanding what the error message is telling me, so I can work it out for myself.
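An added example, not code from the question or the answers that follow: it implements the peer-dependency model the question describes (A 12.0.0 installed while B declares a peer on ^11.0.0 of A) and the range check the questioner did by hand on semver.npmjs.com, so the reader can see both the genuine conflict and the non-conflict in the same scan. It covers only the subset of npm's range syntax that appears on this page (`^`, `~`, exact versions, `||`, and a prerelease lower bound such as `^11.2.0-next`), together with npm's rule that a prerelease version only matches a comparator that itself names a prerelease on the same major.minor.patch; the real `semver` package implements the full grammar. The installed tree and the peer declarations are constructed, and the package names A and B are the question's placeholders.

```javascript
// Added example (not from the question or answers above): a minimal semver
// range check plus a peer-dependency conflict scan over a constructed tree.

// "11.2.10" or "11.2.0-next" -> { major, minor, patch, pre }
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null };
}

function compareCore(a, b) {
  return a.major - b.major || a.minor - b.minor || a.patch - b.patch;
}

// A prerelease sorts before the release with the same major.minor.patch.
function compareVersions(a, b) {
  const c = compareCore(a, b);
  if (c !== 0) return c;
  if (a.pre === b.pre) return 0;
  if (a.pre === null) return 1;
  if (b.pre === null) return -1;
  return a.pre < b.pre ? -1 : 1;
}

// One comparator ("^11.0.0", "~0.1102.9", "11.2.10") -> inclusive lower
// bound and exclusive upper bound (a null upper bound means exact match).
function comparatorToBounds(comp) {
  const op = comp[0] === '^' || comp[0] === '~' ? comp[0] : '';
  const lo = parseVersion(op ? comp.slice(1) : comp);
  let hi = null;
  if (op === '^') {
    // caret: anything right of the left-most non-zero part may change
    if (lo.major > 0) hi = { major: lo.major + 1, minor: 0, patch: 0 };
    else if (lo.minor > 0) hi = { major: 0, minor: lo.minor + 1, patch: 0 };
    else hi = { major: 0, minor: 0, patch: lo.patch + 1 };
  } else if (op === '~') {
    // tilde: patch-level changes only
    hi = { major: lo.major, minor: lo.minor + 1, patch: 0 };
  }
  return { lo, hi };
}

function satisfiesComparator(version, comp) {
  const { lo, hi } = comparatorToBounds(comp);
  if (hi === null) return compareVersions(version, lo) === 0;
  // npm rule: a prerelease only matches when the comparator itself names a
  // prerelease on the same major.minor.patch (so ^11.0.0 rejects 11.3.0-next.1)
  if (version.pre !== null && !(lo.pre !== null && compareCore(version, lo) === 0)) return false;
  return compareVersions(version, lo) >= 0 && compareCore(version, hi) < 0;
}

// Range with "||" alternatives, e.g. "^11.0.0 || ^11.2.0-next".
function satisfies(versionStr, range) {
  const version = parseVersion(versionStr);
  return range.split('||').map(s => s.trim()).some(comp => satisfiesComparator(version, comp));
}

// installed: { name: version }; peers: what each installed package declares.
// Returns the peer declarations the installed tree does not satisfy.
function findPeerConflicts(installed, peers) {
  const conflicts = [];
  for (const p of peers) {
    const have = installed[p.name];
    if (have === undefined) {
      if (!p.optional) conflicts.push({ ...p, have: null, reason: 'peer not installed' });
      continue;
    }
    if (!satisfies(have, p.range)) {
      conflicts.push({ ...p, have, reason: `installed ${have} does not satisfy ${p.range}` });
    }
  }
  return conflicts;
}

// Constructed tree: the A/B scenario from the question, plus the range taken
// from the ERESOLVE message, which 11.2.10 does satisfy (no conflict expected).
const INSTALLED = { A: '12.0.0', B: '3.1.0', '@angular/localize': '11.2.10' };
const PEERS = [
  { from: 'B', name: 'A', range: '^11.0.0', optional: false },
  { from: '@angular-devkit/build-angular', name: '@angular/localize',
    range: '^11.0.0 || ^11.2.0-next', optional: true },
];

for (const c of findPeerConflicts(INSTALLED, PEERS)) {
  console.log(`${c.from} wants ${c.name}@${c.range}: ${c.reason}`);
}
```

Running it reports only the B/A conflict; the @angular/localize declaration passes, which matches what the questioner saw on semver.npmjs.com and is consistent with the later answer that the reported ERESOLVE was an npm bug rather than a real range mismatch.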
Recommendation:
Check out Yarn.
I was able to circumvent the issue in NPM by using Yarn instead of NPM. Yarn is basically a wrapper utility around NPM that adds extra features, which are super useful. It's especially helpful for managing NPM dependencies better.
For instance, it can check if a package is already installed on your machine for another project, directly or as a sub dependency, and can reuse that installed version rather than re-installing a copy of the same package; saves space and makes for faster installations, especially with some of the most common dependencies.
So, due to the optimized way Yarn handles dependencies, I think it helps avoid this issue faced by the OP.
Resolution:
First, delete the node_modules folder in your project.
Yarn will complain about any package-lock.json files, so delete that too (or back it up, then delete it). Do not delete package.json, yarn will need that.
Simply install yarn: npm i yarn (you could do this globally, too).
Then run yarn install in your project directory.
Reading through this GitHub issue, it appears my interpretation of the error message was correct, and that this is in fact a bug in npm.
This appears to have been reported as npm/cli/issues/3083; a fix has been merged, so I guess we just have to wait until it gets included in some upcoming npm release.

failed installation of linter-eslint in atom

I keep receiving this error in atom when I try to install the linter-eslint package:
npm WARN deprecated core-js@2.6.12: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.
npm WARN deprecated sb-memoize@1.0.2: No longer maintained - Use lodash probably
npm ERR! Unexpected end of JSON input while parsing near '...7.0.0-alpha.16","babe'
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\Kanji\.atom\.apm\_logs\2021-01-03T19_21_12_164Z-debug.log
PLEASE HELP.