Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

npm install failed. #103

Open
MasaruKitajima opened this issue Feb 17, 2023 · 0 comments
Open

npm install failed. #103

MasaruKitajima opened this issue Feb 17, 2023 · 0 comments

Comments

@MasaruKitajima
Copy link

Environment

  • Device
    • MacBookAir10,1
  • Softwares
  • macOS
    • version 13.2.1
    • build 22D68
  • Node.js
    • v19.4.0
    • npm
      • 9.2.0
    • yarn
      • 1.22.19

When I ran npm install as instructed, I was unable to complete the installation.

The followings are logs.

$ ncu
 @babel/cli                       ^7.14.3  →   ^7.20.7
 @babel/core                      ^7.14.3  →  ^7.20.12
 @babel/plugin-transform-runtime  ^7.14.3  →   ^7.19.6
 @babel/preset-env                ^7.14.4  →   ^7.20.2
 @babel/runtime                   ^7.14.0  →  ^7.20.13
 babel-jest                       ^24.8.0  →   ^29.4.3
 coveralls                         ^3.1.0  →    ^3.1.1
 cross-env                         ^5.2.1  →    ^7.0.3
 eslint                           ^5.16.0  →   ^8.34.0
 eslint-config-airbnb-base        ^14.2.1  →   ^15.0.0
 eslint-plugin-import             ^2.23.4  →   ^2.27.5
 husky                             ^2.4.0  →    ^8.0.3
 jest                             ^24.8.0  →   ^29.4.3
 lint-staged                       ^8.2.0  →   ^13.1.2

Run ncu -u to upgrade package.json

$ ncu -u
 @babel/cli                       ^7.14.3  →   ^7.20.7
 @babel/core                      ^7.14.3  →  ^7.20.12
 @babel/plugin-transform-runtime  ^7.14.3  →   ^7.19.6
 @babel/preset-env                ^7.14.4  →   ^7.20.2
 @babel/runtime                   ^7.14.0  →  ^7.20.13
 babel-jest                       ^24.8.0  →   ^29.4.3
 coveralls                         ^3.1.0  →    ^3.1.1
 cross-env                         ^5.2.1  →    ^7.0.3
 eslint                           ^5.16.0  →   ^8.34.0
 eslint-config-airbnb-base        ^14.2.1  →   ^15.0.0
 eslint-plugin-import             ^2.23.4  →   ^2.27.5
 husky                             ^2.4.0  →    ^8.0.3
 jest                             ^24.8.0  →   ^29.4.3
 lint-staged                       ^8.2.0  →   ^13.1.2

Run npm install to install new versions.

$ npm install
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated [email protected]: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142

added 889 packages, and audited 890 packages in 22s

123 packages are looking for funding
  run `npm fund` for details

2 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

$ npm audit
# npm audit report

terser  <4.8.1
Severity: high
Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/terser
  uglifyify  >=5.0.1
  Depends on vulnerable versions of terser
  node_modules/uglifyify

2 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

$ npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating uglifyify to 5.0.0, which is a SemVer major change.
npm WARN deprecated [email protected]: support for ECMAScript is superseded by `uglify-js` as of v3.13.0

added 4 packages, removed 3 packages, changed 1 package, and audited 891 packages in 2s

123 packages are looking for funding
  run `npm fund` for details

# npm audit report

extend  <2.0.2
Severity: moderate
Prototype Pollution in extend - https://github.com/advisories/GHSA-qrmc-fj45-qfc2
fix available via `npm audit fix`
node_modules/uglifyify/node_modules/extend
  uglifyify  2.2.0 - 5.0.1
  Depends on vulnerable versions of extend
  node_modules/uglifyify

2 moderate severity vulnerabilities

To address all issues, run:
  npm audit fix

$ npm audit fix
added 3 packages, removed 4 packages, changed 1 package, and audited 890 packages in 2s

123 packages are looking for funding
  run `npm fund` for details

# npm audit report

terser  <4.8.1
Severity: high
Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
fix available via `npm audit fix`
node_modules/terser
  uglifyify  >=5.0.1
  Depends on vulnerable versions of terser
  node_modules/uglifyify

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

$ npm audit fix
up to date, audited 890 packages in 1s

123 packages are looking for funding
  run `npm fund` for details

# npm audit report

terser  <4.8.1
Severity: high
Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
fix available via `npm audit fix`
node_modules/terser
  uglifyify  >=5.0.1
  Depends on vulnerable versions of terser
  node_modules/uglifyify

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

I cloned into another directory to confirm if the yarn worked or not.

$ yarn instal
yarn install v1.22.19
info No lockfile found.
[1/5] 🔍  Validating package.json...
[2/5] 🔍  Resolving packages...
warning [email protected]: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
warning babel-jest > @jest/transform > jest-haste-map > [email protected]: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
warning babel-jest > @jest/transform > jest-haste-map > [email protected]: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
warning babel-jest > @jest/transform > micromatch > snapdragon > [email protected]: See https://github.com/lydell/source-map-resolve#deprecated
warning babel-jest > @jest/transform > micromatch > snapdragon > source-map-resolve > [email protected]: https://github.com/lydell/resolve-url#deprecated
warning babel-jest > @jest/transform > micromatch > snapdragon > source-map-resolve > [email protected]: See https://github.com/lydell/source-map-url#deprecated
warning babel-jest > @jest/transform > micromatch > snapdragon > source-map-resolve > [email protected]: Please see https://github.com/lydell/urix#deprecated
warning browserify > url > [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
warning coveralls > [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
warning coveralls > request > [email protected]: this library is no longer supported
warning coveralls > request > [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
warning jest > jest-cli > jest-config > jest-environment-jsdom > jsdom > [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
warning jest > jest-cli > jest-config > jest-environment-jsdom > jsdom > [email protected]: use String.prototype.padStart()
warning jest > jest-cli > jest-config > jest-environment-jsdom > jsdom > [email protected]: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
warning jest > jest-cli > jest-config > jest-environment-jsdom > jsdom > [email protected]: Use your platform's native performance.now() and performance.timeOrigin.
[3/5] 🚚  Fetching packages...
[4/5] 🔗  Linking dependencies...
[5/5] 🔨  Building fresh packages...
success Saved lockfile.
✨  Done in 35.91s.

$ yarn build
yarn run v1.22.19
$ npm run build:cjs && npm run build:umd && npm run build:umd:min

> [email protected] build:cjs
> cross-env BABEL_ENV=cjs babel src --out-dir lib

Successfully compiled 3 files with Babel (355ms).

> [email protected] build:umd
> cross-env BABEL_ENV=umd NODE_ENV=development browserify src/index.js -s Kuroshiro -o dist/kuroshiro.js -t [ babelify ]


> [email protected] build:umd:min
> cross-env BABEL_ENV=umd NODE_ENV=production browserify src/index.js -s Kuroshiro -g uglifyify -o dist/kuroshiro.min.js -t [ babelify ]

✨  Done in 3.77s.

To be honest with you, I'm not familiar with Node.js, but it seems wired to see deprecated packages exist.

I wonder if the files built by yarn are usable or not.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MasaruKitajima