Anyone knows a trick to install multiple versions of the same package through npmjs ? I know it's not possible to use the same package-name in package.json but it gives you an idea of what I try to achieve:
"dependencies": {
"mypackage": "user/mypackage#v1.0",
"mypackage": "user/mypackage#v2.0"
}
At the end, I want to A/B test my package with different versions. Thanks a lot !
Based on npm discussion, this won't be implemented any time soon.
Some reference:
https://github.com/npm/npm/issues/5499
https://github.com/npm/npm/issues/2943
Related
I am using resolutions to resolve a vulnerability coming from a nested dependency (#dep/xyz). The nested dependency is using axios 0.21.1 whichhas a vulnerability. I am supposed to upgrade to any compatible version above it.
When I added it to resolutions like below I don't see the update in yarn.lock file for the nested dependency. Please advise.
Below is my package.json file
package.json
{
"name" : "xyz",
dependencies: {
"#dep/xyz" : "2.3.4",
"axios": "^0.21.2"
},
"resolutions": {
"**/**/axios": "^0.21.2"
}
}
yarn.lock which gets created after yarn install of above
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
axios#^0.21.1, axios#^0.21.2:
version "0.21.4"
resolved "https:..."
integrity sha1-123...=
dependencies:
follow-redirects "^1.14.0"
"#dep/xyz#2.3.4":
version "2.3.4"
resolved "https:..."
integrity sha1-123...=
dependencies:
"#x/d1" "0.2.2"
"#y/d2" "0.9.2"
axios "^0.21.1"
You likely need to upgrade yarn. resolutions does not work with dependencies that have / in their name for yarn versions below 2. See https://github.com/yarnpkg/yarn/issues/4874
For starters, you don't need to do any resolution pinning. #dep/xyz#2.3.4 is pulling in axios with semver specification of "^0.21.1". In this context it will accept any version that is both >=0.21.1 and <0.22.0. You need only to use yarn to update the version of axios being resolved. I would advise AGAINST resolution pinning when you don't need to, because that can cause long-term incompatibility. If in the future axios has version >=0.22.0 that you or your dependencies are trying to consume, your resolution setting will force those down to be something within the range >=0.21.2 && <0.22.0.
More directly to your question - I don't see anything that looks wrong. The lockfile is doing exactly what I would expect. Your resolution of "axios#^0.21.2" is being respected, as it's pulling in 0.21.4 which abides by that (even though like I said a resolution is not necessary to achieve that). You haven't done any kind of resolution pinning associated with #dep/xyz (nor should you) so nothing is changed there.
I'm trying to create a SVG component.
I have this problem after run command "npm i".
I think versions between packages aren't compatible.
How to fix this or create SVG component without react-native-svg package?
Thank a lot.enter image description here
Add the following to package.json:
{
// scripts, dependencies, etc.
"resolutions": {
"css-what": "5.0.1"
},
}
Remove lock file. Install the packages. Check if the app is still working. If works then keep the configuration (and ignore the warnings) else revert it.
Since you are using npm, you may wanna first refer this thread: npm equivalent of yarn resolutions?
I created a project with vue-cli 4.1.1, and after running yarn serve, i got the following error
Error: [BABEL] C:\dev\vuestudy\src\main.js: Cannot find module './src/data' (While processing: "C:\\dev\\vuestudy\\node_modules\\#vue\\cli-plugin-babel\\preset.js")
Any tips on this?
Thanks in advance.
UPDATE:
Kousha and Dave are right,after waiting for the core-js package update, I created a new project, and now it's working.
It looks like there's been a bad build of npm package core-js-compat. This is a deep-down dependency of Babel. Lots of things will be affected, things that use Babel.
You will experience this problem if you have core-js-compat v.3.4.6. You can check this by doing npm list core-js-compat. The problem is apparently fixed by v.3.4.7, which was pushed out pretty quickly, about half-an-hour later, but unfortunately it takes a while to spread out through the repositories. You can either wait until an npm update gets you v.3.4.7 or you can go manually download v.3.4.7 if you want to get going right away.
This is a bug with core-js-compat v3.4.6, but already the fix has gone with v3.4.7. See https://github.com/zloirock/core-js/issues/712 for more detail.
You may be able to force install the not-broken version with
npm i core-js-compat#3.4.7 --save
It worked on my machineā¢
With Vue / Nuxt, you can delete package-lock.json and node_modules and do an npm install to fix this issue.
Hello I am a beginner in React-native and below is my flowconfig file's version and I get an error with this version
[version]
^0.92.0
Is there a way to fix this error, I was trying to run debug mode in visual code for running react-native projects and to print console.log.
So far I am unsuccessful.
PS:- beginner in react-native
Change [version] in the .flowconfig to match the installed version, ^0.95.1
1. Check that the following tags match
package.json
"devDependencies": {
"flow-bin": "0.130.0"
}
.flowconfig
[version]
^0.130.0
2. Clean & Reinstall
If they match, this error can occur when your node_modules are out of sync with the version of flow-bin in your package.json. This can occur if you've changed branches recently or have have an older version in your node modules.
Try removing and reinstalling like this:
rm -rf node_modules/ && npm i
Instead of changing the flow version make it a ranged version. For example something like >=0.50.0 or simply remove the version altogether. You can read about that more in the flowconfig docs
I find that changing the flow version every time you face this problem to be a bad approach especially if you work with a team and each team member has a different version installed and they would commit their version into the .flowconfig file
We had been using version 0.11.0 of angular-bootstrap from npmjs. It appears that version is no longer available on npmjs. From the commands below does this mean that someone actually unpublished the older packages?
prompt:~$ npm view angular-bootstrap time
{ modified: '2015-01-12T06:48:54.881Z',
created: '2014-01-29T21:54:32.213Z',
'0.0.1': '2014-01-29T21:54:37.589Z',
'0.0.2': '2014-01-29T22:03:08.814Z',
'0.0.3': '2014-01-29T22:51:49.998Z',
'0.0.4': '2014-02-11T15:14:17.078Z',
'0.11.0': '2014-06-24T07:06:56.435Z',
'0.13.0-SNAPSHOT': '2014-12-02T13:05:43.151Z',
'0.12.0': '2015-01-12T06:46:41.986Z' }
prompt:~$ npm view angular-bootstrap versions
0.12.0
I agree, the package seems to have been unpublished. You can still access it from the github history, as follows:
$ npm install "angular-ui/bootstrap#0.11.0"
(note that you may not need quoting, but some shells will interpret the # as a comment-begin character.) You can also use this syntax in dependencies inside package.json
If you have a project in production that depends on this, you should probably make a fork of the angular-ui/bootstrap repository and point towards that.
(I had some difficulty making this work on Windows, but it looks like you're on a Unixy system, so you should be fine.)
Ticket discussing this and the future is at https://github.com/angular-ui/bootstrap/issues/1636