I'm setting up a GitHub action to automatically lint and test every commit. Unfortunately, the action always fails when npm is installing the dependencies.
In short, I think something's messed up with the package-lock.json and I need to regenerate it, somehow. Any ideas?
The error
npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/fsevents/-/fsevents-2.2.3.tgz
npm ERR! 404
npm ERR! 404 'fsevents#2.2.1' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/runner/.npm/_logs/2021-01-08T07_29_59_535Z-debug.log
I believe that's a result of this section of the package-lock.json
"fsevents": {
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.2.3.tgz",
"integrity": "sha512-bTLYHSeC0UH/EFXS9KqWnXuOl/wHK5Z/d+ghd5AsFMYN7wIGkUCOJyzy88+wJKkZPGON8u4Z9f6U4FdgURE9qA==",
"dev": true,
"optional": true
}
Notice how the URL is different than the version number. Fsevents never had a v2.2.3, only v2.2.2.
Fsevents is not a direct dependency of this project (i.e., it's not in the package.json).
Debug steps
I've tried:
npm update
npm audit fix
deleting the package-lock.json, then npm install
npm install --package-lock
manually editing the package-lock.json, but it just reverts back after an npm install
on my computer (macOS Big Sur, Intel), I did rm -rf node_modules && npm install, but I have any issues installing or running the tests
on my computer, I tried npm ci just like the action, no error or issues
The GitHub action
In case it makes a difference, here's the GitHub action:
name: Continuous integration
on: [push]
jobs:
test-push:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- uses: actions/setup-node#v1
with:
node-version: 14
- run: npm ci
- run: npm run lint
- run: npm run test
The error occurs on the npm ci step.
[Update]: I also tried the Github Action on macOS with runs-on: macos-latest. Same error.
Turns out I needed to both delete the node_modules and package-lock.json. Doing only one of the two didn't work.
rm -rm node_modules
rm package-lock.json
npm i
Related
I am maintaining my first npm package so this might be an error on my part. Once build my package and commit it to git the next step is:
$ npm version patch
$ npm publish
The output (abridged) is as follows:
npm notice
npm notice 📦 #mememe/p3-model#0.7.2
npm notice === Tarball Contents ===
npm notice 188B README.md
npm notice 4.5kB dist/doc.d.ts
(etc)
npm notice 792B package.json
npm notice === Tarball Details ===
npm notice name: #mememe/p3-model
npm notice version: 0.7.2
npm notice filename: #mememe/p3-model-0.7.2.tgz
npm notice package size: 6.2 kB
npm notice unpacked size: 23.2 kB
npm notice shasum: cb5588ee626efc21532845c608fdb05a5fcd4db3
npm notice integrity: sha512-s7IK2HSXCNTUk[...]ZHxDgAOIr4Cnw==
npm notice total files: 11
npm notice
npm notice Publishing to https://registry.npmjs.org/
⸨⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⸩ ⠇ : notice Publishing to https://registry.npmjs.org/
So far so good. But then somehow it attempts to publish again and gets an error that I am publishing on top of an old version. The output continues:
> #mememe/p3-model#0.7.2 publish
> npm publish
npm notice ⠂⠂⠂⠂⠂⠂⠂⠂⸩ ⠇ : notice Publishing to https://registry.npmjs.org/
npm notice 📦 #mememe/p3-model#0.7.2
npm notice === Tarball Contents ===
npm notice 188B README.md
npm notice 4.5kB dist/doc.d.ts
npm notice 6.5kB dist/doc.js
(etc)
npm notice === Tarball Details ===
npm notice name: #mememe/p3-model
npm notice version: 0.7.2
npm notice filename: #mememe/p3-model-0.7.2.tgz
npm notice package size: 6.2 kB
npm notice unpacked size: 23.2 kB
npm notice shasum: cb5588ee626efc21532845c608fdb05a5fcd4db3
npm notice integrity: sha512-s7IK2HSXCNTUk[...]ZHxDgAOIr4Cnw==
npm notice total files: 11
npm notice
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/#mememe%2fp3-model - You cannot publish over the previously published versions: 0.7.2.
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.
⸨⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⠂⸩ ⠇ : notice Publishing to https://registry.npmjs.org/
npm ERR! A complete log of this run can be found in:
I only entered the npm publish command once. Is there some action of this command (perhaps an option in package.json) that would cause this?
The correct package gets published and I can use it in other projects. But this error is a bit disconcerting. Any suggestions?
I had the same issue and just solved it.
My problem was, that i had defined a script with publish in my package.json, so it was fired after/before again.
The idea behind that was to have a hint (like a command list) about the commands i use for building, testing, generating documentation and publishing. But unfortunately then the command was fired twice all the time.
In my case, the package.json looked like this:
{
"name": "my-package",
"version": "1.0.0",
"scripts": {
"build": "echo here could be a build job",
"test": "jasmine",
"publish": "npm publish"
}
Check your package.json for a entry at scripts which key is named publish. If you have an entry with the key publish, then remove this line entirely or use a different key for your script.
I am using Visual Studio Code on MacOS latest version.
I am getting many errors when I try to run npm start that I have posted in a separate question here:
unable to solve error code 1 when running"npm install"
I thought to install all possible modules again to solve the issue when I try to run:
npm i -g npm
I even get errors that part of that is copied here:
ERR! code 1
npm ERR! git dep preparation failed
npm ERR! command /usr/local/lib/node_modules/node/bin/node
/usr/local/lib/node_modules/npm/bin/npm-cli.js install --force --
cache=/Users/afshinshahpari/.npm --prefer-offline=false --prefer-online=false --
offline=false --no-progress --no-save --no-audit --include=dev --include=peer --
include=optional --no-package-lock-only --no-dry-run
npm ERR! npm WARN using --force Recommended protections disabled.
npm ERR! npm WARN old lockfile
npm ERR! npm WARN old lockfile The package-lock.json file was created with an old
version of npm,
npm ERR! npm WARN old lockfile so supplemental metadata must be fetched from the
registry.
npm ERR! npm WARN old lockfile
npm ERR! npm WARN old lockfile This is a one-time fix-up, please be patient...
npm ERR! npm WARN old lockfile
npm ERR! npm WARN deprecated fsevents#1.2.11: fsevents 1 will break on node v14+ and
could be using insecure binaries. Upgrade to fsevents 2.
I tried to fix the issue using this article:
npm ERR! git dep preparation failed when trying to install package.json
but when running "npm audit fix" i get a new set of errors:
npm ERR! code ENOLOCK
npm ERR! audit This command requires an existing lockfile.
npm ERR! audit Try creating one first with: npm i --package-lock-only
npm ERR! audit Original error: loadVirtual requires existing shrinkwrap file
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/afshinshahpari/.npm/_logs/2021-08-16T12_46_15_639Z-debug.log
in order to solve it, I used
npm i --package-lock-only
but no success.
Here's the solution bro try this.
Step 1:
$ npm cache clean --force
Step 2
Delete node_modules by
$ rm -rf node_modules package-lock.json folder
or delete it manually by going into the directory and right-click > delete / move to trash. Also, delete package-lock.json file too.
Step 3
npm install
To start again,
$ npm start
This worked for me. Hopes it works for you too.
PS: If it is still there, kindly check the error it is displaying in red and act accordingly. This error is specific to Node.js environment.
It's pretty straight forward to install a package from a private registry:
npm install my-package --registry https://<private-registry-url>
This will add an entry to the package-lock.json:
"my-package": {
"version": "1.0.0",
"resolved": "https://<private-registry-url>/<some_path>/my-package-1.0.0.tgz",
"integrity": "sha1-Pjs/y9sEp49/OC8+8eEZFdwT3BQ="
},
So far so good, everything as expected.
The problem now is when you want to install all npm packages from a different device using npm install. This will fail with following error:
npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/my-package - Not found
npm ERR! 404
npm ERR! 404 'my-package#1.0.0' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 It was specified as a dependency of 'app'
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\<user>\AppData\Roaming\npm-cache\_logs\2019-08-06T08_33_05_103Z-debug.log
So it tries to fetch my-package from the public npm registry (https://registry.npmjs.org/my-package), but of course fails because my-package is located in the private registry.
Now this really breaks my understanding of package-lock.json..
Shouldn't npm look in the package-lock.json to see where the packages were resolved before? Instead it just assumes that it has to be in the public registry..
The other funny thing is, that it works once you manually installed the package with the --registry flag again:
npm install my-package --registry https://<private-registry-url> && npm i
And after that it will work everytime until you upgrade the version of my-package or switch the device..
I also tried npm ci command but without success (same error).
So how to properly install packages from private registries, so they can easily be installed on any other device using npm install?
I want to publish a private npm package with Gitlab CI.
I've created an auth token for my npm user and set it as a variable NPM_TOKEN in my Gitlab CI settings.
The job then creates an .npmrc file with the registry and the auth token.
- npm run build && npm run build:es6
- echo '//registry.npmjs.org/:_authToken=${NPM_TOKEN}'>.npmrc
- npm publish
The job fails with this message:
npm ERR! code ENEEDAUTH
npm ERR! need auth auth required for publishing
npm ERR! need auth You need to authorize this machine using `npm adduser`
Is it possible to publish with only an auth token?
As #Amityo said, rather than manually editing the npmrc file,
npm config set //registry.npmjs.org/:_authToken ${NPM_TOKEN}
is the way to go, because otherwise you may be editing the wrong npmrc file.
If you are still getting an authentication error, and are certain that the token is correct, check your registry URL. You can run
npm publish --verbose
whose output will includes lines like
npm verb getPublishConfig { registry: 'https://.......' }
npm verb mapToRegistry no registry URL found in name for scope #boxine
npm verb publish registryBase https://.......
If you are publishing to npmjs.org, the URL (....... above) should be https://registry.npmjs.org/ .
If this registry URL does not fit, look in your npmrc file for a different one. Also make sure you didn't override the registry in your package.json file! You can search for publishConfig in that file.
To elaborate slightly on #phihag's answer, forward slashes are very important.
At first I kept getting 404 not found
$ npm publish
...
...
npm ERR! code E404
npm ERR! 404 Not Found - PUT https://gitlab.company.com/api/v4/packages/npm/%2fmypackage - 404 Not Found
npm ERR! 404
npm ERR! 404 '#scope/mypackage#0.1.0' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
I am using 2FA so as the gitlab docs state, I need to use a personal access token set to api to authenticate. In another part of the gitlab docs it states
Some features such as publishing a package is only available on the project-level endpoint.
So in console I tried to publish to and authenticate at the project level
$ npm config set #scope:registry https://gitlab.company.com/api/v4/projects/123/packages/npm
$ npm config set //gitlab.company.com/api/v4/projects/123/packages/npm:_authToken 'MyGeneratedAccessToken'
Which eliminated my first issue of 404 not found, but now I couldn't authenticate.
For hours.
$ npm publish --verbose
npm verb cli [ '/usr/local/bin/node', '/usr/local/bin/npm', 'publish', '--verbose' ]
npm info using npm#7.11.2
npm info using node#v15.11.0
...
...
npm verb publish [ '.' ]
npm notice
npm notice 📦 #scope/mypackage#0.1.0
npm notice === Tarball Contents ===
npm notice 214B README.md
npm notice 1.1kB package.json
npm notice === Tarball Details ===
npm notice name: #scope/mypackage
npm notice version: 0.1.0
npm notice filename: #scope/mypackage-0.1.0.tgz
npm notice package size: 764 B
npm notice unpacked size: 1.3 kB
npm notice shasum: c22a42756de43e282da01f33c7d5da4940c7d1d7
npm notice integrity: sha512-l/P2cr52Lle7h[...]isu3rDME3lYuQ==
npm notice total files: 2
npm notice
npm verb stack Error: This command requires you to be logged in.
npm verb stack at Publish.publish (/usr/local/lib/node_modules/npm/lib/publish.js:104:29)
npm verb cwd /home/user/Workspace/mypackage
npm verb Linux 5.8.0-43-generic
npm verb argv "/usr/local/bin/node" "/usr/local/bin/npm" "publish" "--verbose"
npm verb node v15.11.0
npm verb npm v7.11.2
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in.
npm ERR! need auth You need to authorize this machine using `npm adduser`
npm verb exit 1
npm timing npm Completed in 352ms
npm verb code 1
npm ERR! A complete log of this run can be found in:
npm ERR! /home/user/.npm/_logs/2021-05-12T11_23_19_273Z-debug.log
As you can see, npm publish --verbose isn't being helpful in telling me the URL i'm trying to publish to. Checking the documentation again showed I was missing the trailing slashes after 'packages/npm'.
With the trailing slashes, I was able to publish to the gitlab npm package repository for that project
$ npm config set #scope:registry https://gitlab.company.com/api/v4/projects/123/packages/npm/
$ npm config set //gitlab.company.com/api/v4/projects/123/packages/npm/:_authToken 'MyGeneratedAccessToken'
And for all packages I use
$ npm config set #scope:registry https://gitlab.company.com/api/v4/packages/npm/
$ npm config set //gitlab.company.com/api/v4/packages/npm/:_authToken 'MyGeneratedAccessToken'
I had the same issue for npm publish. I tried with yarn publish and it also failed.
It was successful when I ran:
yarn publish --non-interactive
Also, I had an issue related to .husky (cannot install husky) and it was solved running before yarn publish this command with npm:
npm set-script prepare ''
I'm trying to install Ionic Pro, and I am getting this error while pushing through live deploy..
Any help would be gladly appreciated
npm install --quiet --no-optional
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: pinkie#2.0.4 (node_modules/pinkie):
npm WARN 404 SKIPPING OPTIONAL DEPENDENCY: Not Found: pinkie#https://registry.npmjs.org/pinkie/-/pinkie-2.0.4.tgz
npm ERR! code E404
npm ERR! 404 Not Found: pinkie-promise#https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz
npm ERR! A complete log of this run can be found in:
npm ERR! /home/gitlab-runner/.npm/_logs/2018-01-06T18_55_47_426Z-debug.log
npm install --quiet --no-optional failed
Running after script...
$ run "clean-up"
Running Stage clean-up for Job: 5211838
ERROR: Job failed: exit status 1
A little under a year ago, the package "leftpad" broke NPM builds all over the world because the author pulled it from the public repository.
The same is happening today, for "pinkie-promise". The author's NPM account (#floatdrop) was deleted, opening opportunities for malware in all the packages he's written.
Dependent builds include Ionic and (in my case) node-sass.
Resources:
NPM issue: https://github.com/npm/registry/issues/255
Incident report: https://status.npmjs.org/incidents/41zfb8qpvrdj
pinkie-promise issue: https://github.com/floatdrop/pinkie-promise/issues/4
Dependent packages: https://www.npmjs.com/browse/depended/pinkie-promise
All of #floatdrop's repositories: https://github.com/floatdrop?tab=repositories
I was able to work around this by installing pinkie-promise by pointing to their github repo.
npm install https://github.com/floatdrop/pinkie-promise.git
Solution to make project build work again
Since this dependency is not available on npm registry,
one will have to do the following to make it work.
Follow these steps to make things work again.
rm -rf node_modules/
rm -rf package-lock.json
npm i https://github.com/floatdrop/pinkie-promise.git
In the end you will see the output
+ pinkie-promise#2.0.1