Whenever I run the command npm install package-name, it doesn't show any error and it also does not install the package(no node_modules folder, just does nothing). Here is the kind of message I get:
up to date, audited 248 packages in 11s
8 packages are looking for funding run npm fund for details
19 vulnerabilities (6 moderate, 9 high, 4 critical)
To address issues that do not require attention, run: npm audit fix
To address all issues (including breaking changes), run: npm audit
fix --force
Run npm audit for details.
I have also tried npm i package-name and npm install --save package-name, but all give the same message. I'm currently using Node version 18.12.1.
What could I be doing wrong and what could be causing this issue?
In order to install npm packages locally, you should run the
npm init
command first.
A file called package.json will be created which contains basic information about the project and the dependencies used in it.
Then in the same directory run the installation command.
Silly me. The fix was to initialize npm in the folder. I ran npm init -y and everything works fine now.
Related
Little background for the issue I am facing with npm install:
While installing npm dependencies with npm i --legacy-peer-deps - which updates the package-lock.json as expected.
We have a pre-commit hook, that does the npm install --package-lock-only --legacy-peer-deps to sync package.json changes to the package-lock.json -- this second command is reverting the changes/or removing some sub-set of dependencies fromnpm i --legacy-peer-deps
As I was not able to find a way to capture the changes to package-lock.json changes, so I have tried running the same npm i --legacy-peer-deps twice in a row - which in a way replicates the problem I am observing with npm i --legacy-peer-deps.
Issue:
The packages that were added and removed during the first run are toggled during the second run.
The bash command output is provided in the trailing part here.
We have preinstall and postinstall scripts - to address a known security issue with request module that was being used in koa-proxy and to resolve a buggy version of http-signature#1.2.0 - which is a transitive dependency.
$ node -v
v18.12.1
$ npm -v
8.19.2
$ npm i --legacy-peer-deps
> ************ preinstall
> npx npm-force-resolutions
> ************ postinstall
> npx patch-package
patch-package 6.5.1
Applying patches...
request#2.88.2 ✔
> ************ prepare
> node_modules/.bin/husky-run install
added 33 packages, removed 7 packages, and audited 1519 packages in 28s
7 packages are looking for funding
run `npm fund` for details
9 vulnerabilities (3 low, 1 moderate, 4 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
$ npm i --legacy-peer-deps
> ************ preinstall
> npx npm-force-resolutions
> ************ postinstall
> npx patch-package
patch-package 6.5.1
Applying patches...
request#2.88.2 ✔
> ************ prepare
> node_modules/.bin/husky-run install
added 7 packages, removed 33 packages, and audited 1493 packages in 29s
7 packages are looking for funding
run `npm fund` for details
9 vulnerabilities (3 low, 1 moderate, 4 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
$
I have repeated the test with npm 9.x version and the behaviour is observed there as well
Expected Behavior
Re-running npm install on a code base, should not remove/install the packages that were updated in the previous run
Steps To Reproduce
npm install --legacy-peer-deps
npm install --legacy-peer-deps
Environment
npm: 8.19.2 & 9.4.1
Node.js: v18.12.1
OS Name: Mac Ventura 13.1
System Model Name: Macbook M1
npm config:
engine-strict = true
legacy-peer-deps = true
I have tried with different versions of npm, but not tried with different versions of Node - Node18 is a minimum requirement with my codebase at present.
Need help with the package toggling issue or any alternative to get package-lock.json upgraded to get the package changes synched without running npm install again.
When I run npm update -g, I get this enormous list of vulnerabilities on the screenshot
I tried to globally update npm to the latest version, and I tried to install npm-check-updates. I updated something with it, and now ncu -g gives me 'All global packages are up to date'.
npm audit fix and npm audit fix --force don't do anything.
Yet, all the vulnerabilities are still here. What can I do about it?
Here's list of globally installed packages I have:
And here's the output of npm audit fix and npm audit fix --force while I'm in the directory where the global packages are installed:
If I delete package-lock.json, npm audit fix doesn't run at all and wants me to initialize npm in this global packages directory with package-json.only. After doing so, it gives me the output from above.
How can I fix these vulnerabilites? Or do I need to care about them at all?
I'm trying to install react native on my Mac through the terminal using "sudo npm install -g expo-cli" but at the end of the installation errors appear.
115 packages are looking for funding
run `npm fund` for details
31 vulnerabilities (19 moderate, 12 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
Before trying to install react native I obviously installed nodeJS (16) in its latest version.
Anyone have an idea why the installation doesn't work?
when I do "npm audit fix" this is what it says:
npm ERR! code ENOLOCK
npm ERR! audit This command requires an existing lockfile.
npm ERR! audit Try creating one first with: npm i --package-lock-only
npm ERR! audit Original error: loadVirtual requires existing shrinkwrap file
Thank you in advance for your help.
Good news!
The first block you're referring to does not indicate installation failure. Your packages were installed correctly. The warnings are for nested security vulnerabilities which you can choose to address or ignore, depending on your app.
To prove that it was installed, run npm list -g in your terminal and see if expo-cli is in the list.
You can also check the packages installed correctly by creating a new react app using
npx create-react-app my-app
cd my-app
npm start
npm audit fix is intended to automatically upgrade / fix vulnerabilities in npm packages
I have installed and reinstalled npm to try to run ganache and it has not been successful..really need help here!
(base) user bin % npm install -g ganache-cli
changed 6 packages, and audited 102 packages in 4s
2 packages are looking for funding
run npm fund for details
8 vulnerabilities (7 moderate, 1 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run npm audit for details.
(base) user bin % ganache-cli
zsh: command not found: ganache-cli
The most likely cause is that the global modules installation directory is not in your path. As a quick workaround, you can run it like this:
`npm root -g`/ganache-cli/cli.js
A better idea (aside from fixing your PATH!) would be to install it as a dev dependency in the project that needs it (so npm install -D instead of npm install -g) and then run it with npx (so npx ganache-cli rather than ganache-cli).
For Win10:
update PATH env variable adding
C:\Users\myUserName\AppData\Local\Yarn\bin
FYI: In that dir there are 2 files:
ganache-cli
ganache-cli.cmd
if you are on linux(my case ubuntu) and you encoutered this issue. you should try
$sudo npm install -g ganache
OR
$sudo yarn global add ganache
This is probably because you used sudo privileges to install npm and yarn in first place.
happy hacking :)
bootstrap#4.1.1
updated 1 package and audited 1932 packages in 17.046s
145 packages are looking for funding
run npm fund for details
found 6 vulnerabilities (4 moderate, 2 high)
run npm audit fix to fix them, or npm audit for details
Delete folder 'node_modules' and run in console:
npm install // or yarn install
This isn't an error, this message is normal.
145 packages are looking for funding run npm fund for details
This line is a donation call (not mandatory)
found 6 vulnerabilities (4 moderate, 2 high) run npm audit fix to fix them, or npm audit for details
This line informs you that some of your package.json modules have vulnerabilities. Run npm audit to view a list of them and the associated vulnerabilities.
If you run the mentioned command npm audit fix, it will try to automatically fix it for you by updating your package.json with new versions for these modules.
Delete node_modules and package-lock.json after taht:
npm audit fix
npm install