NPM Workspaces installing packages into a workspace/node_modules - npm

I have workspaces configured and working.
When I install from the root, sometimes packages are installed in the root and sometimes they are installed in the workspace node_modules.
When and how does NPM choose to install a package at the root/node_modules vs a workspace/node_modules?

It turns out, when two packages rely on the same module with a compatible version number in the dependencies, npm (with workspaces) will install the package only in root/node_modules. Otherwise, it will install in the node_modules of package(s).
In this example the same react-dom version is shared between packages:
customer-ui#1.0.0 /home/ubuntu/name/customer-ui
├─┬ components#0.15.0 -> ./packages/components
│ ├─┬ react-cosmos#5.7.2
│ │ └─┬ react-cosmos-shared2#5.7.1
│ │ └─┬ react-element-to-jsx-string#14.3.4
│ │ └── react-dom#17.0.2 deduped
│ ├── react-dom#17.0.2
│ ├─┬ react-modal#3.15.1
│ │ └── react-dom#17.0.2 deduped
│ ├─┬ react-to-print#2.14.7
│ │ └── react-dom#17.0.2 deduped
│ └─┬ styled-components#5.3.5
│ └── react-dom#17.0.2 deduped
└─┬ embedded#0.1.0 -> ./packages/embedded
└── react-dom#17.0.2 deduped
And npm installed it only in the root/node_modules dir:
❯ ls node_modules/react-dom
LICENSE build-info.json index.js profiling.js server.js test-utils.js
README.md cjs package.json server.browser.js server.node.js umd
❯ ls packages/embedded/node_modules/react-dom
ls: cannot access 'packages/embedded/node_modules/react-dom': No such file or directory
❯ ls packages/components/node_modules/react-dom
ls: cannot access 'packages/components/node_modules/react-dom': No such file or directory
However, for a package with incompatible version between packages, it's different:
❯ npm ls argparse
customer-ui#1.0.0 /home/ubuntu/name/customer-ui
├─┬ #components#0.15.0 -> ./packages/components
│ └─┬ eslint#8.17.0
│ └─┬ js-yaml#4.1.0
│ └── argparse#2.0.1
└─┬ embedded#0.1.0 -> ./packages/embedded
├─┬ eslint#6.8.0
│ └─┬ js-yaml#3.14.1
│ └── argparse#1.0.10
├─┬ jest-preset-preact#4.0.5
│ └─┬ babel-jest#27.5.1
│ └─┬ babel-plugin-istanbul#6.1.1
│ └─┬ #istanbuljs/load-nyc-config#1.1.0
│ └─┬ js-yaml#3.14.1
│ └── argparse#1.0.10
└─┬ microbundle#0.12.4
├─┬ cssnano#4.1.11
│ ├─┬ cosmiconfig#5.2.1
│ │ └─┬ js-yaml#3.14.1
│ │ └── argparse#1.0.10
│ └─┬ cssnano-preset-default#4.0.8
│ └─┬ postcss-svgo#4.0.3
│ └─┬ svgo#1.3.2
│ └─┬ js-yaml#3.14.1
│ └── argparse#1.0.10
└─┬ rollup-plugin-postcss#2.9.0
└─┬ postcss-load-config#2.1.2
└─┬ cosmiconfig#5.2.1
└─┬ js-yaml#3.14.1
└── argparse#1.0.10
embedded package demands argparse#1.0.10 and embedded demands argparse#2.0.1.
For these, npm installs them in multiple places:
❯ ls node_modules/argparse
CHANGELOG.md LICENSE README.md argparse.js lib package.json
❯ ls packages/components/argparse
ls: cannot access 'packages/components/argparse': No such file or directory
❯ ls packages/embedded/node_modules/argparse
CHANGELOG.md LICENSE README.md index.js lib package.json
In case it helps, this is a snippet of root/package.json:
{
"name": "customer-ui",
"version": "1.0.0",
"workspaces": [
"packages/*"
]
}
Thanks to #Stf_F for answering this in the comment above.

Related

Using pnpm to install create react app shows warning

When installing dependencies for a create-react app(version 5.0.0) using pnpm dlx and pnpm import, i get a warning that peer dependencies should be installed. The dev environment for react spins up just fine. This warn message does not show up when using npx. How can i fix this warn message other than installing the peer dependencies?. Thanks in advance.
What i did:
Create react app using pnpm dlx in the command-line
pnpm dlx create-react-app ./temp-app
The above step created a package-lock.json file. So, to create pnpm's lock file,
pnpm import package-lock.json
This created a pnpm-lock.yaml file with a warn message as below
 WARN  Issues with peer dependencies found
.
├─┬ #testing-library/user-event
│ └── ✕ missing peer #testing-library/dom#>=7.21.4
└─┬ react-scripts
├── ✕ missing peer typescript#"^3.2.1 || ^4"
├─┬ eslint-config-react-app
│ ├─┬ #typescript-eslint/eslint-plugin
│ │ ├── ✕ missing peer typescript#"*"
│ │ └─┬ #typescript-eslint/experimental-utils
│ │ └─┬ #typescript-eslint/typescript-estree
│ │ ├── ✕ missing peer typescript#"*"
│ │ └─┬ tsutils
│ │ └── ✕ missing peer typescript#">=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta"
│ ├─┬ #typescript-eslint/parser
│ │ └── ✕ missing peer typescript#"*"
│ └─┬ eslint-plugin-flowtype
│ ├── ✕ missing peer #babel/plugin-syntax-flow#^7.14.5
│ └── ✕ missing peer #babel/plugin-transform-react-jsx#^7.14.9
├─┬ react-dev-utils
│ └─┬ fork-ts-checker-webpack-plugin
│ └── ✕ missing peer typescript#">= 2.7"
└─┬ tailwindcss
└── ✕ missing peer autoprefixer#^10.0.2
Peer dependencies that should be installed:
#babel/plugin-syntax-flow#^7.14.5 #testing-library/dom#>=7.21.4 typescript#">=3.2.1 <4.0.0 || >=4.0.0 <5.0.0"
#babel/plugin-transform-react-jsx#^7.14.9 autoprefixer#^10.0.2
You need to install those dependencies too if this warning shows up.
Copy all the packages listed below Peer dependencies that should be installed: and type this command:
pnpm add your-dependencies-list
and replace the your-dependencies-list with all the list of peer dependencies which were listed.
One thing to note is for example if you were trying to add a dependency as a dev dependency and then this warning showed up, then you'll need to execute the above command but you'll need to add a -D or --dev flag before the packages so that it adds them as dev dependency.
Same issue occurred with me when i tried installing parcel as a dev dependency
Progress: resolved 318, reused 318, downloaded 0, added 0, done
 WARN  Issues with peer dependencies found
.
└─┬ parcel
└─┬ #parcel/config-default
├─┬ #parcel/optimizer-htmlnano
│ └─┬ htmlnano
│ └── ✕ missing peer postcss#^8.3.11
└─┬ #parcel/transformer-postcss
└─┬ postcss-modules
├── ✕ missing peer postcss#^8.0.0
├─┬ postcss-modules-extract-imports
│ └── ✕ missing peer postcss#^8.1.0
├─┬ postcss-modules-local-by-default
│ ├── ✕ missing peer postcss#^8.1.0
│ └─┬ icss-utils
│ └── ✕ missing peer postcss#^8.1.0
├─┬ postcss-modules-scope
│ └── ✕ missing peer postcss#^8.1.0
└─┬ postcss-modules-values
└── ✕ missing peer postcss#^8.1.0
Peer dependencies that should be installed:
postcss#">=8.3.11 <9.0.0"
so i ran the following command:
pnpm add -D postcss#">=8.3.11 <9.0.0"
and hurray
Packages: +5 -11
+++++-----------
Progress: resolved 891, reused 891, downloaded 0, added 5, done
devDependencies:
- parcel 2.2.1
+ parcel 2.2.1
+ postcss 8.4.5
Everything worked out!

Arbitrary File Overwrite: tar npm audit

It said,
found 4 high severity vulnerabilities in 891002 scanned packages
4 vulnerabilities require manual review. See the full report for details.
how to make 0 vulnerabilities?
I also do "npm audit fix" and I put "--force", but it didn't work.
and,
when I do "npm audit",
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary File Overwrite │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tar │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.4.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ npm > libcipm > npm-lifecycle > node-gyp > tar │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/803 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary File Overwrite │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tar │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.4.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ npm > libnpm > npm-lifecycle > node-gyp > tar │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/803 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary File Overwrite │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tar │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.4.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ npm > node-gyp > tar │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/803 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary File Overwrite │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tar │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.4.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ npm │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ npm > npm-lifecycle > node-gyp > tar │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/803 │
└───────────────┴──────────────────────────────────────────────────────────────┘
And I'm using at react & electron.
when I installed font awesome, this error appeared.
So, I removed the font awesome, but it didn't change anything
I had the same problem with my ionic project.
This Link Helped me to get rid this.
In package-lock.json replace the following section
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/tar/-/tar-2.2.1.tgz",
"integrity": "sha1-jk0qJWwOIYXGsYrWlK7JaLg8sdE=",
with
"version": "4.4.8",
"resolved": "https://registry.npmjs.org/tar/-/tar-4.4.8.tgz",
"integrity": "sha512-LzHF64s5chPQQS0IYBn9IN5h3i98c12bo4NCO7e0sGM2llXQ3p2FGC5sdENN4cTW48O915Sh+x+EXx7XW96xYQ==",
Then run
sudo rm -fr node_modules
and
npm install
By following this method I got rid of the warnings.
Hope this works for you!
for whatever packages you are getting vulnerabilities, change package version inside package-lock.json to the recommended version, remove node_modules and run npm i.
for fstream for e.g :
in package-lock.json from:
"fstream": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/fstream/-/fstream-1.0.1.tgz",
"integrity": "sha512-WvJ193OHa0GHPEL+AycEJgxvBEwyfRkN1vhjca23OaPVMCaLCXTd5qAu82AjTcgP1UJmytkOKb63Ypde7raDIg=="
}
to:
"fstream": {
"version": "1.0.12",
"resolved": "https://registry.npmjs.org/fstream/-/fstream-1.0.12.tgz",
"integrity": "sha512-WvJ193OHa0GHPEL+AycEJgxvBEwyfRkN1vhjca23OaPVMCaLCXTd5qAu82AjTcgP1UJmytkOKb63Ypde7raDIg=="
}
delete node_modules:
rm node_modules
then:
npm i

npm cant change Jasmine package version

if I run npm view jasmine version or npm view jasmine version -g from ~ the version returned is 3.3.1
I need the version to be 2.8.0 so i try to downgrade with npm install jasmine#2.8.0 -g but npm view jasmine version is still 3.3.1
Now if i do npm list -g i see the correct version for jasmine (2.8.0)... So where is the 3.3.1 coming from?
├─┬ jasmine#2.8.0
│ ├── exit#0.1.2
│ ├─┬ glob#7.1.3
│ │ ├── fs.realpath#1.0.0
│ │ ├─┬ inflight#1.0.6
│ │ │ ├── once#1.4.0 deduped
│ │ │ └── wrappy#1.0.2
│ │ ├── inherits#2.0.3
│ │ ├─┬ minimatch#3.0.4
│ │ │ └─┬ brace-expansion#1.1.11
│ │ │ ├── balanced-match#1.0.0
│ │ │ └── concat-map#0.0.1
│ │ ├─┬ once#1.4.0
│ │ │ └── wrappy#1.0.2 deduped
│ │ └── path-is-absolute#1.0.1
│ └── jasmine-core#2.8.0
Understanding the npm view command:
When you run either of the following npm view commands:
npm view jasmine version
or
npm view jasmine version -g
you are sending a GET request to the npm registry. More specifically you are sending a request to the following endpoint:
https://registry.npmjs.org/jasmine
You can verify this by appending the -d option to your command for additional logging information. For instance, if you run;
npm view jasmine version -d
you'll see additional information in your log which includes something like the following:
npm http request GET https://registry.npmjs.org/jasmine
Note: This line above indicates the endpoint which your view command is making the request to.
So where is the 3.3.1 coming from?
3.3.1 is the latest version of the jasmine package available in the npm registry. The result of any view command does not indicate information about packages installed on your system, instead it returns information (metadata) about packages held in the npm registry.
You'll continue to see version 3.3.1 logged to your console when running;
npm view jasmine version
(from any directory location on your system), until a newer version of jasmine is published to the npm registry.
Additional Notes:
The two npm commands that you are running, namely:
npm view jasmine version
and
npm view jasmine version -g
are effectively the same command. The view command does not provide a -g option. The -g option is simply being ignored.
The npm list command, (as you've already discovered), should be utilized for retrieving information about packages that are installed on your system. Hence that why its indicating your expected result(s).

listing npm local modules produces missing errors

i'm creating new reactjs application using npx create-react-app my-react.
everything goes well but when list local modules in my-react folder using npm ls --depth=0 there are some missing errors from npm :
my-react#0.1.0 /tmp/my-react
├── react#16.6.3
├── react-dom#16.6.3
└── react-scripts#2.1.1
npm ERR! missing: mkdirp#0.5.1, required by node-pre-gyp#0.10.0
npm ERR! missing: minimist#0.0.8, required by mkdirp#0.5.1
npm ERR! missing: minimatch#3.0.4, required by ignore-walk#3.0.1
npm ERR! missing: brace-expansion#1.1.11, required by minimatch#3.0.4
npm ERR! missing: balanced-match#1.0.0, required by brace-expansion#1.1.11
npm ERR! missing: concat-map#0.0.1, required by brace-expansion#1.1.11
npm ERR! missing: console-control-strings#1.1.0, required by npmlog#4.1.2
npm ERR! missing: inherits#2.0.3, required by readable-stream#2.3.6
npm ERR! missing: safe-buffer#5.1.1, required by readable-stream#2.3.6
npm ERR! missing: safe-buffer#5.1.1, required by string_decoder#1.1.1
npm ERR! missing: console-control-strings#1.1.0, required by gauge#2.7.4
npm ERR! missing: string-width#1.0.2, required by gauge#2.7.4
npm ERR! missing: strip-ansi#3.0.1, required by gauge#2.7.4
npm ERR! missing: code-point-at#1.1.0, required by string-width#1.0.2
npm ERR! missing: is-fullwidth-code-point#1.0.0, required by string-width#1.0.2
npm ERR! missing: strip-ansi#3.0.1, required by string-width#1.0.2
npm ERR! missing: number-is-nan#1.0.1, required by is-fullwidth-code-point#1.0.0
npm ERR! missing: ansi-regex#2.1.1, required by strip-ansi#3.0.1
npm ERR! missing: string-width#1.0.2, required by wide-align#1.1.2
npm ERR! missing: inherits#2.0.3, required by glob#7.1.2
npm ERR! missing: minimatch#3.0.4, required by glob#7.1.2
npm ERR! missing: once#1.4.0, required by glob#7.1.2
npm ERR! missing: once#1.4.0, required by inflight#1.0.6
npm ERR! missing: wrappy#1.0.2, required by inflight#1.0.6
npm ERR! missing: wrappy#1.0.2, required by once#1.4.0
npm ERR! missing: minipass#2.2.4, required by tar#4.4.1
npm ERR! missing: mkdirp#0.5.1, required by tar#4.4.1
npm ERR! missing: safe-buffer#5.1.1, required by tar#4.4.1
npm ERR! missing: yallist#3.0.2, required by tar#4.4.1
npm ERR! missing: minipass#2.2.4, required by fs-minipass#1.2.5
npm ERR! missing: safe-buffer#5.1.1, required by minipass#2.2.4
npm ERR! missing: yallist#3.0.2, required by minipass#2.2.4
npm ERR! missing: minipass#2.2.4, required by minizlib#1.1.0
I just ran into this as well, and did some looking. It seems to be an issue with the current way npm handles Optional Dependencies. If you do a full npm list, you'll find the culprit is fsevents.
UNMET OPTIONAL DEPENDENCY fsevents#1.2.4
│ ├── UNMET OPTIONAL DEPENDENCY nan#2.12.1
│ └─┬ UNMET OPTIONAL DEPENDENCY node-pre-gyp#0.10.0
│ ├── UNMET OPTIONAL DEPENDENCY detect-libc#1.0.3
│ ├─┬ UNMET DEPENDENCY mkdirp#0.5.1
│ │ └── UNMET DEPENDENCY minimist#0.0.8
│ ├─┬ UNMET OPTIONAL DEPENDENCY needle#2.2.0
│ │ ├─┬ UNMET OPTIONAL DEPENDENCY debug#2.6.9
│ │ │ └── UNMET OPTIONAL DEPENDENCY ms#2.0.0
│ │ ├─┬ UNMET OPTIONAL DEPENDENCY iconv-lite#0.4.21
│ │ │ └── UNMET OPTIONAL DEPENDENCY safer-buffer#2.1.2
│ │ └── UNMET OPTIONAL DEPENDENCY sax#1.2.4
│ ├─┬ UNMET OPTIONAL DEPENDENCY nopt#4.0.1
│ │ ├── UNMET OPTIONAL DEPENDENCY abbrev#1.1.1
│ │ └─┬ UNMET OPTIONAL DEPENDENCY osenv#0.1.5
│ │ ├── UNMET OPTIONAL DEPENDENCY os-homedir#1.0.2
│ │ └── UNMET OPTIONAL DEPENDENCY os-tmpdir#1.0.2
│ ├─┬ UNMET OPTIONAL DEPENDENCY npm-packlist#1.1.10
│ │ ├─┬ UNMET OPTIONAL DEPENDENCY ignore-walk#3.0.1
│ │ │ └─┬ UNMET DEPENDENCY minimatch#3.0.4
│ │ │ └─┬ UNMET DEPENDENCY brace-expansion#1.1.11
│ │ │ ├── UNMET DEPENDENCY balanced-match#1.0.0
│ │ │ └── UNMET DEPENDENCY concat-map#0.0.1
│ │ └── UNMET OPTIONAL DEPENDENCY npm-bundled#1.0.3
│ ├─┬ UNMET OPTIONAL DEPENDENCY npmlog#4.1.2
│ │ ├─┬ UNMET OPTIONAL DEPENDENCY are-we-there-yet#1.1.4
│ │ │ ├── UNMET OPTIONAL DEPENDENCY delegates#1.0.0
│ │ │ └─┬ UNMET OPTIONAL DEPENDENCY readable-stream#2.3.6
│ │ │ ├── UNMET OPTIONAL DEPENDENCY core-util-is#1.0.2
│ │ │ ├── UNMET DEPENDENCY inherits#2.0.3
│ │ │ ├── UNMET OPTIONAL DEPENDENCY isarray#1.0.0
│ │ │ ├── UNMET OPTIONAL DEPENDENCY process-nextick-args#2.0.0
│ │ │ ├── UNMET DEPENDENCY safe-buffer#5.1.1
│ │ │ ├─┬ UNMET OPTIONAL DEPENDENCY string_decoder#1.1.1
│ │ │ │ └── UNMET DEPENDENCY safe-buffer#5.1.1
│ │ │ └── UNMET OPTIONAL DEPENDENCY util-deprecate#1.0.2
│ │ ├── UNMET DEPENDENCY console-control-strings#1.1.0
│ │ ├─┬ UNMET OPTIONAL DEPENDENCY gauge#2.7.4
│ │ │ ├── UNMET OPTIONAL DEPENDENCY aproba#1.2.0
│ │ │ ├── UNMET DEPENDENCY console-control-strings#1.1.0
│ │ │ ├── UNMET OPTIONAL DEPENDENCY has-unicode#2.0.1
│ │ │ ├── UNMET OPTIONAL DEPENDENCY object-assign#4.1.1
│ │ │ ├── UNMET OPTIONAL DEPENDENCY signal-exit#3.0.2
│ │ │ ├─┬ UNMET DEPENDENCY string-width#1.0.2
│ │ │ │ ├── UNMET DEPENDENCY code-point-at#1.1.0
│ │ │ │ ├─┬ UNMET DEPENDENCY is-fullwidth-code-point#1.0.0
│ │ │ │ │ └── UNMET DEPENDENCY number-is-nan#1.0.1
│ │ │ │ └── UNMET DEPENDENCY strip-ansi#3.0.1
│ │ │ ├─┬ UNMET DEPENDENCY strip-ansi#3.0.1
│ │ │ │ └── UNMET DEPENDENCY ansi-regex#2.1.1
│ │ │ └─┬ UNMET OPTIONAL DEPENDENCY wide-align#1.1.2
│ │ │ └── UNMET DEPENDENCY string-width#1.0.2
│ │ └── UNMET OPTIONAL DEPENDENCY set-blocking#2.0.0
│ ├─┬ UNMET OPTIONAL DEPENDENCY rc#1.2.7
│ │ ├── UNMET OPTIONAL DEPENDENCY deep-extend#0.5.1
│ │ ├── UNMET OPTIONAL DEPENDENCY ini#1.3.5
│ │ ├── UNMET OPTIONAL DEPENDENCY minimist#1.2.0
│ │ └── UNMET OPTIONAL DEPENDENCY strip-json-comments#2.0.1
│ ├─┬ UNMET OPTIONAL DEPENDENCY rimraf#2.6.2
│ │ └─┬ UNMET OPTIONAL DEPENDENCY glob#7.1.2
│ │ ├── UNMET OPTIONAL DEPENDENCY fs.realpath#1.0.0
│ │ ├─┬ UNMET OPTIONAL DEPENDENCY inflight#1.0.6
│ │ │ ├── UNMET DEPENDENCY once#1.4.0
│ │ │ └── UNMET DEPENDENCY wrappy#1.0.2
│ │ ├── UNMET DEPENDENCY inherits#2.0.3
│ │ ├── UNMET DEPENDENCY minimatch#3.0.4
│ │ ├─┬ UNMET DEPENDENCY once#1.4.0
│ │ │ └── UNMET DEPENDENCY wrappy#1.0.2
│ │ └── UNMET OPTIONAL DEPENDENCY path-is-absolute#1.0.1
│ ├── UNMET OPTIONAL DEPENDENCY semver#5.5.0
│ └─┬ UNMET OPTIONAL DEPENDENCY tar#4.4.1
│ ├── UNMET OPTIONAL DEPENDENCY chownr#1.0.1
│ ├─┬ UNMET OPTIONAL DEPENDENCY fs-minipass#1.2.5
│ │ └── UNMET DEPENDENCY minipass#2.2.4
│ ├─┬ UNMET DEPENDENCY minipass#2.2.4
│ │ ├── UNMET DEPENDENCY safe-buffer#5.1.1
│ │ └── UNMET DEPENDENCY yallist#3.0.2
│ ├─┬ UNMET OPTIONAL DEPENDENCY minizlib#1.1.0
│ │ └── UNMET DEPENDENCY minipass#2.2.4
│ ├── UNMET DEPENDENCY mkdirp#0.5.1
│ ├── UNMET DEPENDENCY safe-buffer#5.1.1
│ └── UNMET DEPENDENCY yallist#3.0.2
fsevents (https://www.npmjs.com/package/fsevents) states that it is only needed for the OS X operating system, so if you're on Linux for example, npm doesn't install it, but then also reports that as an error (?). The behavior is confusing. But it should stay in package.json because if someone installs your code on a mac, fsevents would be needed.
There was a PR for this against the npm repository to turn the platform dependency logs down to info, but it seems to have gotten abandoned when the devs switched npm to a new repo :\
For now, you can safely ignore it (and hopefully get your build system to ignore it as well), or switch to yarn.

why doesn't gulp run when installed globally?

I install gulp using npm install -g gulp
[npm WARN deprecation warnings redacted]
/usr/local/bin/gulp -> /usr/local/lib/node_modules/gulp/bin/gulp.js
/usr/local/lib
└── gulp#3.9.1
When I try to run the gulp command I get:
gulp
[19:42:23] Local gulp not found in ~/javascript
[19:42:23] Try running: npm install gulp
But when I install another npm package globally, it works. For instance when I install create-react-app like so:
npm install -g create-react-app
/usr/local/bin/create-react-app -> /usr/local/lib/node_modules/create-react-app/index.js
/usr/local/lib
└─┬ create-react-app#0.2.0
├─┬ chalk#1.1.3
│ ├── ansi-styles#2.2.1
│ ├── escape-string-regexp#1.0.5
│ ├─┬ has-ansi#2.0.0
│ │ └── ansi-regex#2.0.0
│ ├── strip-ansi#3.0.1
│ └── supports-color#2.0.0
├─┬ cross-spawn#4.0.0
│ ├─┬ lru-cache#4.0.1
│ │ ├── pseudomap#1.0.2
│ │ └── yallist#2.0.0
│ └─┬ which#1.2.10
│ └── isexe#1.1.2
├── minimist#1.2.0
└── semver#5.3.0
When I run the command after installation it works:
create-react-app
Usage: create-react-app <project-directory> [--verbose]
Is there any reason why gulp would screw out?
You have to install the Gulp CLI to get the command line to work npm install -g gulp-cli