I'm trying to install React Native on my Mac through the terminal using "sudo npm install -g expo-cli", but errors appear at the end of the installation.
115 packages are looking for funding
run `npm fund` for details
31 vulnerabilities (19 moderate, 12 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
Before trying to install React Native I obviously installed Node.js (16) in its latest version.
Anyone have an idea why the installation doesn't work?
When I do "npm audit fix" this is what it says:
npm ERR! code ENOLOCK
npm ERR! audit This command requires an existing lockfile.
npm ERR! audit Try creating one first with: npm i --package-lock-only
npm ERR! audit Original error: loadVirtual requires existing shrinkwrap file
Thank you in advance for your help.
Good news!
The first block you're referring to does not indicate installation failure. Your packages were installed correctly. The warnings are for nested security vulnerabilities which you can choose to address or ignore, depending on your app.
To prove that it was installed, run npm list -g in your terminal and see if expo-cli is in the list.
You can also check the packages installed correctly by creating a new react app using
npx create-react-app my-app
cd my-app
npm start
npm audit fix is intended to automatically upgrade / fix vulnerabilities in npm packages
A little background on the issue I am facing with npm install:
Installing npm dependencies with npm i --legacy-peer-deps updates the package-lock.json as expected.
We have a pre-commit hook that runs npm install --package-lock-only --legacy-peer-deps to sync package.json changes to the package-lock.json. This second command is reverting the changes or removing some subset of the dependencies from npm i --legacy-peer-deps.
As I was not able to find a way to capture the changes to package-lock.json, I have tried running the same npm i --legacy-peer-deps twice in a row, which in a way replicates the problem I am observing with npm i --legacy-peer-deps.
Issue:
The packages that were added and removed during the first run are toggled during the second run.
The bash command output is provided in the trailing part here.
We have preinstall and postinstall scripts - to address a known security issue with request module that was being used in koa-proxy and to resolve a buggy version of http-signature#1.2.0 - which is a transitive dependency.
$ node -v
v18.12.1
$ npm -v
8.19.2
$ npm i --legacy-peer-deps
> ************ preinstall
> npx npm-force-resolutions
> ************ postinstall
> npx patch-package
patch-package 6.5.1
Applying patches...
request#2.88.2 ✔
> ************ prepare
> node_modules/.bin/husky-run install
added 33 packages, removed 7 packages, and audited 1519 packages in 28s
7 packages are looking for funding
run `npm fund` for details
9 vulnerabilities (3 low, 1 moderate, 4 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
$ npm i --legacy-peer-deps
> ************ preinstall
> npx npm-force-resolutions
> ************ postinstall
> npx patch-package
patch-package 6.5.1
Applying patches...
request#2.88.2 ✔
> ************ prepare
> node_modules/.bin/husky-run install
added 7 packages, removed 33 packages, and audited 1493 packages in 29s
7 packages are looking for funding
run `npm fund` for details
9 vulnerabilities (3 low, 1 moderate, 4 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
$
I have repeated the test with npm 9.x and the behaviour is observed there as well.
Expected Behavior
Re-running npm install on a code base should not remove/install the packages that were updated in the previous run.
Steps To Reproduce
npm install --legacy-peer-deps
npm install --legacy-peer-deps
Environment
npm: 8.19.2 & 9.4.1
Node.js: v18.12.1
OS Name: Mac Ventura 13.1
System Model Name: Macbook M1
npm config:
engine-strict = true
legacy-peer-deps = true
I have tried with different versions of npm, but not tried with different versions of Node - Node18 is a minimum requirement with my codebase at present.
Need help with the package toggling issue or any alternative to get package-lock.json upgraded to get the package changes synched without running npm install again.
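One way to capture what each run changes in package-lock.json, as an added example that is not part of the original post. It assumes the lockfile is copied aside after each run and uses lockfileVersion 2 or 3 (a top-level "packages" map); the snapshots are constructed and every name except request 2.88.2 is hypothetical.

```javascript
// Added example: diff package-lock.json snapshots taken after each `npm i` run
// and flag the case where the second run exactly undoes the first.
// Snapshots are constructed; example-old / example-new are hypothetical names.
const snap = (pkgs) => ({ lockfileVersion: 3, packages: { "": { name: "app" }, ...pkgs } });
const RUN0 = snap({
  "node_modules/request": { version: "2.88.2" },
  "node_modules/example-old": { version: "1.0.0" },
});
const RUN1 = snap({
  "node_modules/request": { version: "2.88.2" },
  "node_modules/example-new": { version: "3.1.0" },
});
const RUN2 = RUN0; // constructed: the second run restores the first state

function diffLock(before, after) {
  const a = before.packages || {};
  const b = after.packages || {};
  const id = (map, p) => `${p}@${map[p].version}`;
  const paths = (map) => Object.keys(map).filter((p) => p !== ""); // "" is the root project
  const added = paths(b).filter((p) => !(p in a)).map((p) => id(b, p)).sort();
  const removed = paths(a).filter((p) => !(p in b)).map((p) => id(a, p)).sort();
  const changed = paths(b)
    .filter((p) => p in a && (a[p].version !== b[p].version || a[p].integrity !== b[p].integrity))
    .map((p) => `${id(a, p)} -> ${b[p].version}`)
    .sort();
  return { added, removed, changed };
}

// True when the second diff adds what the first removed and removes what it added.
function isToggle(first, second) {
  const same = (x, y) => x.length === y.length && x.every((v, i) => v === y[i]);
  return first.added.length + first.removed.length > 0 &&
    same(first.added, second.removed) && same(first.removed, second.added);
}

const firstRun = diffLock(RUN0, RUN1);
const secondRun = diffLock(RUN1, RUN2);
console.log(firstRun, secondRun, "toggle:", isToggle(firstRun, secondRun));
```

The added and removed lists name the exact install paths that flip between runs, which is what a bug report or a pre-commit check on lockfile drift needs.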
Whenever I run the command npm install package-name, it doesn't show any error and it also does not install the package(no node_modules folder, just does nothing). Here is the kind of message I get:
up to date, audited 248 packages in 11s
8 packages are looking for funding
run npm fund for details
19 vulnerabilities (6 moderate, 9 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run npm audit for details.
I have also tried npm i package-name and npm install --save package-name, but all give the same message. I'm currently using Node version 18.12.1.
What could I be doing wrong and what could be causing this issue?
In order to install npm packages locally, you should run the
npm init
command first.
A file called package.json will be created which contains basic information about the project and the dependencies used in it.
Then in the same directory run the installation command.
Silly me. The fix was to initialize npm in the folder. I ran npm init -y and everything works fine now.
I have installed and reinstalled npm to try to run ganache and it has not been successful. I really need help here!
(base) user bin % npm install -g ganache-cli
changed 6 packages, and audited 102 packages in 4s
2 packages are looking for funding
run npm fund for details
8 vulnerabilities (7 moderate, 1 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run npm audit for details.
(base) user bin % ganache-cli
zsh: command not found: ganache-cli
The most likely cause is that the global modules installation directory is not in your path. As a quick workaround, you can run it like this:
`npm root -g`/ganache-cli/cli.js
A better idea (aside from fixing your PATH!) would be to install it as a dev dependency in the project that needs it (so npm install -D instead of npm install -g) and then run it with npx (so npx ganache-cli rather than ganache-cli).
For Win10:
update PATH env variable adding
C:\Users\myUserName\AppData\Local\Yarn\bin
FYI: In that dir there are 2 files:
ganache-cli
ganache-cli.cmd
If you are on Linux (in my case Ubuntu) and you encountered this issue, you should try
$ sudo npm install -g ganache
OR
$ sudo yarn global add ganache
This is probably because you used sudo privileges to install npm and yarn in the first place.
Happy hacking :)
bootstrap#4.1.1
updated 1 package and audited 1932 packages in 17.046s
145 packages are looking for funding
run npm fund for details
found 6 vulnerabilities (4 moderate, 2 high)
run npm audit fix to fix them, or npm audit for details
Delete folder 'node_modules' and run in console:
npm install // or yarn install
This isn't an error, this message is normal.
145 packages are looking for funding run npm fund for details
This line is a donation call (not mandatory)
found 6 vulnerabilities (4 moderate, 2 high) run npm audit fix to fix them, or npm audit for details
This line informs you that some of your package.json modules have vulnerabilities. Run npm audit to view a list of them and the associated vulnerabilities.
If you run the mentioned command npm audit fix, it will try to automatically fix it for you by updating your package.json with new versions for these modules.
Delete node_modules and package-lock.json, and after that:
npm audit fix
npm install
There is something I don't understand with how npm audit fix works. From the docs:
npm audit fix runs a full-fledged npm install under the hood
So why when I run npm install and see audit vulnerabilities do I have to run npm audit fix manually to fix them?
npm install without any arguments will just install the dependencies in your package-lock.json (assuming it exists). npm audit fix will use the audit information to figure out what dependencies need to be upgraded and install them, as long as they don't conflict with your package.json.
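The distinction described above, as an added example that is not part of the original answer: it buckets the entries of an `npm audit --json` report by whether plain `npm audit fix` can resolve them, whether the fix falls outside what package.json allows (so `--force` is needed), or whether no fix exists. It assumes the npm 7+ report format (auditReportVersion 2); the sample report and all package names are constructed.

```javascript
// Added example: bucket an `npm audit --json` report (auditReportVersion 2,
// npm 7+) by the command that would fix each entry.
// SAMPLE_REPORT is constructed; all package names are hypothetical.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-glob": { name: "example-glob", severity: "moderate", isDirect: false,
      fixAvailable: true },
    "example-http": { name: "example-http", severity: "high", isDirect: false,
      fixAvailable: { name: "example-cli", version: "5.0.0", isSemVerMajor: true } },
    "example-yaml": { name: "example-yaml", severity: "critical", isDirect: true,
      fixAvailable: { name: "example-yaml", version: "1.9.0", isSemVerMajor: false } },
    "example-legacy": { name: "example-legacy", severity: "low", isDirect: false,
      fixAvailable: false },
  },
};

const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];

function triage(report) {
  const buckets = { auditFix: [], needsForce: [], noFix: [] };
  for (const v of Object.values(report.vulnerabilities || {})) {
    const entry = { name: v.name, severity: v.severity, direct: Boolean(v.isDirect) };
    const fix = v.fixAvailable;
    if (fix === true) {
      // Resolvable inside the ranges package.json already allows.
      buckets.auditFix.push(entry);
    } else if (fix && typeof fix === "object") {
      // Requires installing a direct dependency outside its stated range.
      buckets.needsForce.push({ ...entry, install: `${fix.name}@${fix.version}`,
        breaking: Boolean(fix.isSemVerMajor) });
    } else {
      // No patched version published: replace, pin, or accept the risk.
      buckets.noFix.push(entry);
    }
  }
  const rank = (e) => SEVERITY_ORDER.indexOf(e.severity);
  for (const list of Object.values(buckets)) list.sort((a, b) => rank(a) - rank(b));
  return buckets;
}

console.log(JSON.stringify(triage(SAMPLE_REPORT), null, 2));
```

The `install` field names the direct dependency npm would change, which for a nested vulnerability is usually a different package from the vulnerable one.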