When I try to run my expo project I get this message:
D:\React\myproject>npm start
> start
> expo start
Starting project at D:\React\myproject
Unable to find expo in this project - have you run yarn / npm install yet?
If I run npm install I get this:
D:\React\myproject>npm install
npm notice Beginning October 4, 2021, all connections to the npm registry - including for package installation - must use TLS 1.2 or higher. You are currently using plaintext http to connect. Please visit the GitHub blog for more information: https://github.blog/2021-08-23-npm-registry-deprecating-tls-1-0-tls-1-1/
up to date, audited 940 packages in 4s
18 packages are looking for funding
run `npm fund` for details
12 vulnerabilities (6 low, 6 moderate)
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
And this is what I get when I run npm audit:
D:\React\myproject>npm audit
npm notice Beginning October 4, 2021, all connections to the npm registry - including for package installation - must use TLS 1.2 or higher. You are currently using plaintext http to connect. Please visit the GitHub blog for more information: https://github.blog/2021-08-23-npm-registry-deprecating-tls-1-0-tls-1-1/
# npm audit report
node-fetch =0.22.0-rc
Depends on vulnerable versions of @react-native-community/cli
Depends on vulnerable versions of @react-native-community/cli-platform-ios
Depends on vulnerable versions of fbjs
node_modules/react-native
node_modules/react-native/node_modules/react-native
metro-config =0.3.2
Depends on vulnerable versions of xmldom
node_modules/plist
@react-native-community/cli-platform-ios *
Depends on vulnerable versions of plist
Depends on vulnerable versions of xcode
node_modules/@react-native-community/cli-platform-ios
react-native =0.22.0-rc
Depends on vulnerable versions of @react-native-community/cli
Depends on vulnerable versions of @react-native-community/cli-platform-ios
Depends on vulnerable versions of fbjs
node_modules/react-native
node_modules/react-native/node_modules/react-native
@react-native-community/cli *
Depends on vulnerable versions of metro
Depends on vulnerable versions of react-native
node_modules/react-native/node_modules/@react-native-community/cli
simple-plist *
Depends on vulnerable versions of plist
node_modules/simple-plist
xcode >=0.8.3
Depends on vulnerable versions of simple-plist
node_modules/xcode
12 vulnerabilities (6 low, 6 moderate)
Some issues need review, and may require choosing
a different dependency.
This happens since I tried to update expo sdk, but I don't know what I did wrong. Can someone help me with this?
Run npm config set registry https://registry.npmjs.org/
Some computers are still running with http://registry.npmjs.org/ which is not going to be allowed anymore for security reasons.
You may try adding a .npmrc file and update the repo allocation under the user\xxx directory.
registry=https://registry.npmjs.org/
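A check for the condition the npm notice above warns about, as an added example that is not part of the original answers: it flags http:// registry settings in .npmrc text and http:// tarball URLs that a package-lock.json can still carry after the registry setting is changed. The function names, the `@myorg` scope, the `npm.example.test` host and the `0.0.0` versions are assumptions made for the example.

```javascript
// Added illustration: find plaintext-HTTP registry use in .npmrc text and in
// a parsed package-lock.json. All sample data below is constructed.

const isPlainHttp = (url) => /^http:\/\//i.test(url || '');

// Registry settings in .npmrc text that use http://, covering the default
// "registry=" key and scoped "@scope:registry=" keys.
function insecureNpmrcRegistries(npmrcText) {
  const findings = [];
  for (const raw of npmrcText.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const m = /^((?:@[^:=\s]+:)?registry)\s*=\s*(\S+)/.exec(line);
    if (!m) continue;
    const url = m[2].replace(/^["']|["']$/g, '');
    if (isPlainHttp(url)) findings.push({ key: m[1], url });
  }
  return findings;
}

// Lockfile entries whose tarball URL ("resolved") is http://. Reads the
// "packages" map (lockfileVersion 2/3) or nested "dependencies" (version 1).
function insecureResolvedUrls(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (isPlainHttp(meta.resolved)) findings.push(path);
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (isPlainHttp(meta.resolved)) findings.push(path);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return findings;
}

const sampleNpmrc = '; constructed sample\nregistry=http://registry.npmjs.org/\n@myorg:registry=https://npm.example.test/\n';
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'myproject' },
    'node_modules/expo': { resolved: 'http://registry.npmjs.org/expo/-/expo-0.0.0.tgz' },
    'node_modules/fbjs': { resolved: 'https://registry.npmjs.org/fbjs/-/fbjs-0.0.0.tgz' },
  },
};

console.log(insecureNpmrcRegistries(sampleNpmrc), insecureResolvedUrls(sampleLock));
```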
I have inherited a project from a previous developer and am having a bit of trouble getting it set up and running. I copied the files and then did npm install and now I am being presented with the following:
# npm audit report
json5 <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix --force`
Will install babel-core@4.7.16, which is a breaking change
node_modules/babel-core/node_modules/json5
babel-core 5.8.20 - 7.0.0-beta.3
Depends on vulnerable versions of babel-register
Depends on vulnerable versions of json5
node_modules/babel-core
babel-register *
Depends on vulnerable versions of babel-core
node_modules/babel-register
3 high severity vulnerabilities
Any idea how I can get around these issues?
You are getting these warnings because the packages that you are using have bugs. To dismiss this, you have to upgrade your packages to their latest versions.
Your packages are outdated. That's why you are getting this type of error. To update all packages,
try this command:
npx npm-check-updates -u
I am trying to teach myself web development and so far it's making my head hurt, but I'm not giving up. At the moment, I am trying to learn WordPress theme development using the Understrap framework. This is what I have done so far to try and get it all working:
Install Node using Homebrew on my Mac
Created a project folder on my Desktop
Ran the following git command to install Understrap in my project folder: git clone https://github.com/understrap/understrap.git
Then ran npm install within the directory in a terminal window
After doing all of this, I keep getting the following errors, but not being a seasoned web dev expert, this has me a bit boggled:
72 packages are looking for funding
run `npm fund` for details
6 high severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Then I ran "npm audit" to get a better idea of the issue and this is where I am completely lost and hoping one of you fantastic folks on here can provide some assistance:
glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install gulp@3.9.1, which is a breaking change
node_modules/glob-stream/node_modules/glob-parent
node_modules/glob-watcher/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/glob-watcher/node_modules/chokidar
glob-watcher >=3.0.0
Depends on vulnerable versions of chokidar
node_modules/glob-watcher
gulp >=4.0.0
Depends on vulnerable versions of glob-watcher
node_modules/gulp
glob-stream 5.3.0 - 6.1.0
Depends on vulnerable versions of glob-parent
node_modules/glob-stream
vinyl-fs >=2.4.2
Depends on vulnerable versions of glob-stream
node_modules/vinyl-fs
6 high severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
BTW, I ran "npm audit fix --force", but it did not resolve this issue.
Thank you all so much for your help on this, I really appreciate it!
I wanted to start learning React Native using Expo, but I cannot install it using npm.
When I run the command npm install -g expo-cli, it gives me the following error:
added 825 packages, and audited 826 packages in 53s
28 packages are looking for funding
run `npm fund` for details
10 vulnerabilities (4 low, 6 moderate)
To address all issues, run:
npm audit fix
Run `npm audit` for details.
It told me to run npm audit fix and I tried the command right away.
However, the error still seems to remain
# npm audit report
node-fetch <=2.6.0 || 3.0.0-beta.1 - 3.0.0-beta.8
Denial of Service - https://npmjs.com/advisories/1556
fix available via `npm audit fix --force`
Will install expo@1.0.0, which is a breaking change
node_modules/node-fetch
isomorphic-fetch 2.0.0 - 2.2.1
Depends on vulnerable versions of node-fetch
node_modules/isomorphic-fetch
fbjs 0.7.0 - 1.0.0
Depends on vulnerable versions of isomorphic-fetch
node_modules/fbjs
fbemitter 2.0.3 - 3.0.0-alpha.1
Depends on vulnerable versions of fbjs
node_modules/fbemitter
expo >=14.0.0
Depends on vulnerable versions of expo-constants
Depends on vulnerable versions of fbemitter
node_modules/expo
xmldom *
Severity: moderate
Misinterpretation of malicious XML input - https://npmjs.com/advisories/1769
fix available via `npm audit fix --force`
Will install expo@1.0.0, which is a breaking change
node_modules/xmldom
@expo/plist <=0.0.13
Depends on vulnerable versions of xmldom
node_modules/expo-constants/node_modules/@expo/plist
@expo/config-plugins <=3.0.8
Depends on vulnerable versions of @expo/plist
node_modules/expo-constants/node_modules/@expo/config-plugins
@expo/config 3.3.23-alpha.0 - 5.0.8
Depends on vulnerable versions of @expo/config-plugins
node_modules/expo-constants/node_modules/@expo/config
expo-constants >=10.1.2
Depends on vulnerable versions of @expo/config
node_modules/expo-constants
expo >=14.0.0
Depends on vulnerable versions of expo-constants
Depends on vulnerable versions of fbemitter
node_modules/expo
10 vulnerabilities (4 low, 6 moderate)
To address all issues (including breaking changes), run:
npm audit fix --force
I tried running npm audit fix --force and it gave me the following outcome.
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating expo to 1.0.0,which is a SemVer major change.
removed 824 packages, changed 1 package, and audited 2 packages in 19s
found 0 vulnerabilities
I thought it worked and I tried running the command expo and expo-cli and bash told me that the command could not be found.
I have been following codelab instructions to implement Real-time communication with WebRTC and while trying to run npm-install I am getting the following warnings.
npm WARN webrtc-codelab@0.0.1 No repository field.
npm WARN webrtc-codelab@0.0.1 No license field.
audited 52 packages in 0.81s
found 16 vulnerabilities (11 low, 1 moderate, 3 high, 1 critical)
run npm audit fix to fix them, or npm audit for details
Can someone help me with fixing this?
The first ones are because of the licence and repository fields of the package.json being empty; you can fill them using docs for licence and repository.
The latter ones are due to outdated dependencies used by the code sample. It is OK to ignore this warning for an educational project, because the vulnerabilities often are not important if you are not planning to use the project on a production server. But if it is bothering you, you can use npm audit fix as suggested by npm; it'll try to update dependencies if there are no breaking changes in the upgrade. It might not succeed in doing so for some or all of those packages, in which case you'll need to manually install the newer version of those packages, but beware, because doing so COULD break the code sample to the point that it'll no longer work.
I am working on a React project and I am using various npm packages. There were 1002 vulnerable packages when I started fixing/updating my old packages, and at last only 20 vulnerable packages remained, which were also very low priority.
But now, after 3 months, the vulnerabilities have increased again to 925 vulnerable packages. So my question is: when I am using packages.lock.json to install a specific package version only, how did the vulnerabilities increase? I mean, is there any mechanism which npm follows before telling me "this package is vulnerable"? I want to know how npm checks whether a package is vulnerable or not, even when it was fine before and I am using the same package version with the same node version as well.
npm as a package manager runs an audit of the installed/installing dependencies to check for the vulnerabilities posted/reported on that particular NPM package you installed/are installing. It lists them out to notify/warn you about the problem you might encounter using such packages.
It will be an API call from npm to the registry. Read further: docs.npmjs.com/cli/audit#description
One can manually audit one's dependencies as well, using the following command:
npm audit
Make sure you are running this command in the same directory where your package-lock.json exists.
If you are using yarn as a package manager, you can run:
yarn audit
Here is a great explanation on npm vulnerability.
https://snyk.io/blog/understanding-filesystem-takeover-vulnerabilities-in-npm-javascript-package-manager/
NPM vulnerability check mainly depends on the version and last publish date of each package.
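The situation in the question above, as an added example that is not part of the original posts: an audit matches the pinned versions against the advisories that exist on the day it runs, so an unchanged lockfile reports more findings as advisories are published. The advisory ids and ranges are the ones quoted in the reports on this page; the pinned versions, the publication dates, the function names and the simplified range matcher are assumptions made for the example.

```javascript
// Added illustration: the same pinned versions audited on different days.
// Advisory ids and ranges are those quoted in the reports on this page; the
// pinned versions and publication dates are constructed for the example.

// Compare "x.y.z" versions numerically (prerelease tags are ignored here).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Minimal range matcher: comparators (<, <=, >, >=, =) ANDed by spaces,
// alternatives ORed by "||". Hyphen ranges and "*" are not handled.
function inRange(version, range) {
  return range.split('||').some((alt) =>
    alt.trim().split(/\s+/).every((cmp) => {
      const [, op = '=', bound] = /^(<=|>=|<|>|=)?(.+)$/.exec(cmp);
      const c = compareVersions(version, bound);
      return { '<': c < 0, '<=': c <= 0, '>': c > 0, '>=': c >= 0, '=': c === 0 }[op];
    }));
}

const lockedVersions = { json5: '0.5.1', 'glob-parent': '3.1.0' }; // constructed pins

const advisories = [ // published dates are constructed, not the real ones
  { id: 'GHSA-ww39-953v-wcq6', pkg: 'glob-parent', range: '<5.1.2', published: '2021-01-01' },
  { id: 'GHSA-9c47-m6qq-7p4h', pkg: 'json5', range: '<1.0.2', published: '2022-01-01' },
];

// Only advisories already published on the audit day can match a pin.
function auditAsOf(locked, advisoryDb, isoDate) {
  return advisoryDb
    .filter((a) => a.published <= isoDate)
    .filter((a) => a.pkg in locked && inRange(locked[a.pkg], a.range))
    .map((a) => a.id);
}

for (const day of ['2020-06-01', '2021-06-01', '2022-06-01']) {
  console.log(day, auditAsOf(lockedVersions, advisories, day));
}
```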