I am using node-sass 4.13.1 which wraps libsass 3.5.4.
Due to security reasons we need to update libsass to 3.6.0 without downgrading the node-sass version.
How can this be achieved. Specifying the libsass version in the package.json is not feasible since libsass is not a dependency but rather a wrapped library.
Is it possible to force the use of libsass 3.6.0 after all dependencies for the repo have been installed?
Does anybody know a better solution?
I am leaning towards looking into how i can edit the scripts part of the package.json file to run a pre-install script which will force the version. Is that a good idea?
Thanks
There are forked versions of node-sass that do have 3.6.x in them, as well as a branch within the main project repo. The problem is that you will have to build it yourself in order to use them.
https://github.com/ItsLeeOwen/node-sass/tree/libsass-2b8a17a
or
https://github.com/sass/node-sass/tree/libsass-3.6.1
for example.
There is a branch available in node-sass repository which uses LibSass v3.6.3 with node-sass v4.13.1
I also faced the same issue and after doing a lot of research, the below solution worked for me:
Try installing the branch of node-sass from the github repository by using the below command (the package is already built, so you don't have to build it explicitly)
npm install https://github.com/sass/node-sass.git#v5
Related
I am trying to demystify this NPM behavior. I have a custom library which I create for an Angular Project. The library is copied directly to the Node modules directory in my Angular Folder to test any new functionalities that I add on whatever project is using it. However, I notice the older version of the library is being used by the project.
I wonder whether this is due to the NPM Cache.
So my question is, how does the NPM cache and Node_Modules folder work hand in hand?
I can't directly answer as to how the cache relates to node_modules, but I can say that your package-lock.json file is likely the culprit behind your outdated packages. Try running npm update. If that doesn't work, try deleting your package-lock.json file and running npm install.
If that also doesn't work, make sure you have the correct version specified for your library in your project's package.json file. latest will grab the latest release available, ^1.0.0 will grab the latest minor and patch releases, ~1.0.0 will grab only the latest patch releases, and 1.0.0 will only grab that exact version.
I just ran this command
npx tsc -v
and it said Version 4.5.5.
Then, I look in package.json and package-lock.json and they say typescript 4.4.4. When I look in node_modules/typescript/package.json, I see version 4.5.5. Why is npx not detecting this and throwing an error OR better yet, doing what java does and delete the old one and install the correct one.
Even better would be caching all downloaded versions outside the repo for projects to use but only using the version that my project uses so projects can share versions OR not share versions easily without wasting disk space like it is done now(the gradle/maven-java way).
I have a Gatsby starter (taylorbryant/gatsby-starter-tailwind) that uses gatsby-plugin-postcss which is not compatible with the version of gatsby installed in my machine like a few other plugins used in the starter. You can see the warning I get when trying to build for production.
warn Plugin gatsby-plugin-postcss is not compatible with your gatsby version 3.14.2 - It requires gatsby#^2.0.0
How can I downgrade Gatsby to a specific version, maybe just locally?
This isn't too difficult.
Open your package.json file and change the actual version you want to use.
Then run npm update to make sure you update all the packages to the right version.
Please correct me if I'm wrong but I believe that is the way to change the Gatsby version.
Please do keep in mind that this is most probably cause a bunch of other discrepancies with other packages that actually require a higher version in order to work.
You can find more information about how different versions work here: https://www.gatsbyjs.com/docs/reference/release-notes/migrating-from-v2-to-v3/
Best of luck!
I am working on a project with dotnet core, in Linux and it is using MVC.
I am reading a book for learning how to put things together. The book advises installing Bower. But the last time I researched bower I believe they were advising towards using something else for new projects.
I would like to know what alternative I can use for front end management. I need to be able to use Bootstrap, Jquery, Popper and Datatables on my page. And of course, I should be able to use it in Linux.
Thanks for the help francium. NPM is working just fine.It is in the official Ubuntu repository. You have to install popper the following way though: npm install popper.js --save
If you don't specify the .js extension it will give you a warning saying that bootstrap requires a popper installation but it was not installed. You also have to install git on your machine to make it work. I did not do it the first time I ran it and it gave me an error asking me if it was installed. Thanks for the suggestion, It was relatively easy to do get things working.
Yarn is now the alternative to Bower, but to install Yarn you need to use NPM
I have a scenario where I want to develop/QA against a different version of the same package that is used on production. I'm trying to manage this in a single package.json file. However, when I add a package to dependencies and devDependencies with different versions, the npm install command prefers the version specified at dependencies. Is there a way to get it to prefer the version installed at devDependencies? Or is there perhaps a different/better way to manage this scenario?
npm link is the preferred solution to this problem.