npm install command does not work with Laravel version 5.8 - node.js

I created a Laravel 5.8 project, and I want to install npm. So I typed npm install but I get this message:
npm WARN deprecated popper.js#1.16.1: You can find the new Popper v2 at #popperjs/core, this package is dedicated to the legacy v1
npm WARN deprecated urix#0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated chokidar#2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated fsevents#1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated resolve-url#0.2.1: https://github.com/lydell/resolve-url#deprecated
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#^1.2.7 (node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN notsup Unsupported engine for watchpack-chokidar2#2.0.0: wanted: {"node":"<8.10.0"} (current: {"node":"12.18.3","npm":"6.14.6"})
npm WARN notsup Not compatible with your version of node/npm: watchpack-chokidar2#2.0.0
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#~2.1.2 (node_modules\watchpack\node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
added 1055 packages from 500 contributors and audited 1058 packages in 149.498s
37 packages are looking for funding
run `npm fund` for details
found 1 low severity vulnerability
run `npm audit fix` to fix them, or `npm audit` for details
So I saw this question related to my question, and he said run the npm install #popperjs/core --save command and after that npm uninstall popper.js --save in order to install Popper.
But as soon as I typed npm install #popperjs/core --save, I get this message:
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.13 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#2.1.3 (node_modules\watchpack\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
+ #popperjs/core#2.5.2
added 1 package from 1 contributor and audited 1059 packages in 9.5s
38 packages are looking for funding
run `npm fund` for details
found 1 low severity vulnerability
run `npm audit fix` to fix them, or `npm audit` for details
So now I don't know really what should I do for installing npm, so if you know, please let me know, I would appreciate that!
Thanks in advance...
UPDATE #1:
Here is my package.json:
{
"private": true,
"scripts": {
"dev": "npm run development",
"development": "cross-env NODE_ENV=development node_modules/webpack/bin/webpack.js --progress --hide-modules --config=node_modules/laravel-mix/setup/webpack.config.js",
"watch": "npm run development -- --watch",
"watch-poll": "npm run watch -- --watch-poll",
"hot": "cross-env NODE_ENV=development node_modules/webpack-dev-server/bin/webpack-dev-server.js --inline --hot --config=node_modules/laravel-mix/setup/webpack.config.js",
"prod": "npm run production",
"production": "cross-env NODE_ENV=production node_modules/webpack/bin/webpack.js --no-progress --hide-modules --config=node_modules/laravel-mix/setup/webpack.config.js"
},
"devDependencies": {
"axios": "^0.19",
"bootstrap": "^4.1.0",
"cross-env": "^5.1",
"jquery": "^3.2",
"laravel-mix": "^4.0.7",
"lodash": "^4.17.13",
"popper.js": "^1.12",
"resolve-url-loader": "^2.3.1",
"sass": "^1.15.2",
"sass-loader": "^7.1.0",
"vue": "^2.5.17"
},
"dependencies": {
"#popperjs/core": "^2.5.2"
}
}
UPDATE 2:
I removed "popper.js": "^1.12", at package.json and node_modules folder and typed npm install but again I get the same error!

Remove "popper.js": "^1.12", line from package.json
then remove node_modules
then run cmd npm install

Related

How to resolve an error with npm run serve

I am new to Vue. I had successfully created projects for a while now, with no issues. However, today I created a new project, and when I tried “npm run serve” I got back three errors out of nowhere.
Even old projects that were serving fine, I cant serve them again
I am using windows 7, so the node version is 13.14.0
This is the error I get:
ERROR Failed to compile with 3 errors
10:46:02 PM
ERROR Failed to compile with 3 errors
10:46:02 PM
These dependencies were not found:
* C:\Users\hp\Documents\vue full learn\dojo-blog-
composition\node_modules\webpack-dev-server\client\index.js?
http://192.168.43.35:8081&sockPath=/sockjs-node in multi
(webpack)-dev-server/client?
http://192.168.43.35:8081&sockPath=/sockjs-node
(webpack)/hot/dev-server.js ./src/main.js
* C:\Users\hp\Documents\vue full learn\dojo-blog-
composition\node_modules\webpack\hot\dev-server.js in multi
(webpack)-dev-server/client?
http://192.168.43.35:8081&sockPath=/sockjs-node
(webpack)/hot/dev-server.js ./src/main.js
To install them, you can run: npm install --save
C:\Users\hp\Documents\vue full learn\dojo-blog-
composition\node_modules\webpack-dev-
server\client\index.js?
http://192.168.43.35:8081&sockPath=/sockjs-node
C:\Users\hp\Documents\vue full learn\dojo-blog-
composition\node_modules\webpack\hot\dev-server.js
This relative module was not found:
* ./src/main.js in multi (webpack)-dev-server/client?
http://192.168.43.35:8081&sockPath=/sockjs-node
(webpack)/hot/dev-server.js ./src/main.js
I checked and the webpack-dev-server is in the node-bundles folder.
when I tried installing as directed above, I got more errors:
npm ERR! code ENOLOCAL
npm ERR! Could not install from "..\..\..\Documents\vue" as it
does not contain a package.json file.
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\hp\AppData\Roaming\npm-
cache\_logs\2021-01-02T22_03_20_183Z-debug.log
'sockPath' is not recognized as an internal or external command,
operable program or batch file.
This is the package.json
{
"name": "project-planner",
"version": "0.1.0",
"private": true,
"scripts": {
"serve": "vue-cli-service serve",
"build": "vue-cli-service build"
},
"dependencies": {
"core-js": "^3.6.5",
"vue": "^3.0.0",
"vue-router": "^4.0.0-0"
},
"devDependencies": {
"#vue/cli-plugin-babel": "~4.5.0",
"#vue/cli-plugin-router": "~4.5.0",
"#vue/cli-service": "~4.5.0",
"#vue/compiler-sfc": "^3.0.0",
"webpack-dev-server": "^3.11.2"
}
}
I get this with I use npm install
npm WARN deprecated #hapi/joi#15.1.1: Switch to 'npm install joi'
npm WARN deprecated request#2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated chokidar#2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated #hapi/bourne#1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated #hapi/hoek#8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated #hapi/address#2.1.4: Moved to 'npm install #sideway/address'
npm WARN deprecated #hapi/topo#3.1.6: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated har-validator#5.1.5: this library is no longer supported
npm WARN deprecated fsevents#1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated resolve-url#0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated urix#0.1.0: Please see https://github.com/lydell/urix#deprecated
> core-js#3.8.3 postinstall C:\Users\hp\My Documents\webdev\projects\learnVue\project-planner\node_modules\core-js
> node -e "try{require('./postinstall')}catch(e){}"
Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!
The project needs your help! Please consider supporting of core-js on Open Collective or Patreon:
> https://opencollective.com/core-js
> https://www.patreon.com/zloirock
Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)
> ejs#2.7.4 postinstall C:\Users\hp\My Documents\webdev\projects\learnVue\project-planner\node_modules\ejs
> node ./postinstall.js
Thank you for installing EJS: built with the Jake JavaScript build tool (https://jakejs.com/)
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#~2.3.1 (node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#2.3.1: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"ia32"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#^1.2.7 (node_modules\watchpack-chokidar2\node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"ia32"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#^1.2.7 (node_modules\webpack-dev-server\node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"ia32"})
added 1214 packages from 934 contributors and audited 1217 packages in 527.888s
61 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities

Why does my Angular project pipeline keep failing?

I have a angular project that I'm trying to tag and push to dev server using git and gitlab.
After my 4th unsuccessful try, I'm now at a loss to what I'm doing wrong.
This is my job log:
[0KRunning with gitlab-runner 12.9.0 (4c96e5ad)
[0;m[0K on dev-runner yMELGGtz
[0;msection_start:1608540813:prepare_executor
[0K[0K[36;1mPreparing the "shell" executor[0;m
[0;m[0KUsing Shell executor...
[0;msection_end:1608540813:prepare_executor
[0Ksection_start:1608540813:prepare_script
[0K[0K[36;1mPreparing environment[0;m
[0;mRunning on WIN-AVAH5M2LJ5E...
section_end:1608540814:prepare_script
[0Ksection_start:1608540814:get_sources
[0K[0K[36;1mGetting source from Git repository[0;m
[0;m[32;1mFetching changes with git depth set to 50...[0;m
Reinitialized existing Git repository in C:/runner/builds/yMELGGtz/0/gitlab_username/project_name-auth-front/.git/
From https://gitlab.com/gitlab_username/project_name-auth-front
* [new ref] refs/pipelines/232677922 -> refs/pipelines/232677922
* [new tag] v20201221.3 -> v20201221.3
[32;1mChecking out 2e8cffbc as v20201221.3...[0;m
Removing node_modules/
git-lfs/2.10.0 (GitHub; windows amd64; go 1.12.7; git a526ba6b)
[32;1mSkipping Git submodules setup[0;m
section_end:1608540861:get_sources
[0Ksection_start:1608540861:restore_cache
[0K[0K[36;1mRestoring cache[0;m
[0;msection_end:1608540862:restore_cache
[0Ksection_start:1608540862:download_artifacts
[0K[0K[36;1mDownloading artifacts[0;m
[0;msection_end:1608540863:download_artifacts
[0Ksection_start:1608540863:build_script
[0K[0K[36;1mRunning before_script and script[0;m
[0;m[32;1m$ npm i[0;m
npm WARN deprecated ini#1.3.5: Please update to ini >=1.3.6 to avoid a prototype pollution issue
> core-js#3.6.5 postinstall C:\runner\builds\yMELGGtz\0\gitlab_username\project_name-auth-front\node_modules\core-js
> node -e "try{require('./postinstall')}catch(e){}"
> #angular/cli#11.0.4 postinstall C:\runner\builds\yMELGGtz\0\gitlab_username\project_name-auth-front\node_modules\#angular\cli
> node ./bin/postinstall/script.js
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.13 (node_modules\webpack-dev-server\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.13 (node_modules\watchpack-chokidar2\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#2.1.3 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
added 1650 packages from 1206 contributors and audited 1654 packages in 113.077s
79 packages are looking for funding
run `npm fund` for details
found 3 low severity vulnerabilities
run `npm audit fix` to fix them, or `npm audit` for details
[32;1m$ npm run build-dev[0;m
> project_name-auth#0.0.0 build-dev C:\runner\builds\yMELGGtz\0\gitlab_username\project_name-auth-front
> ng build --hmr --base-href /auth/ --deploy-url /auth/
Unknown option: '--hmr'
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! project_name-auth#0.0.0 build-dev: `ng build --hmr --base-href /auth/ --deploy-url /auth/`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the project_name-auth#0.0.0 build-dev script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Windows\system32\config\systemprofile\AppData\Roaming\npm-cache\_logs\2020-12-21T08_56_23_982Z-debug.log
section_end:1608540984:build_script
[0Ksection_start:1608540984:upload_artifacts_on_failure
[0K[0K[36;1mUploading artifacts for failed job[0;m
[0;msection_end:1608540985:upload_artifacts_on_failure
[0K[31;1mERROR: Job failed: exit status 1
[0;m
Please note that my OS is Ubuntu 20.04 and I have replaced gitlab username and project name in the log with gitlab_username and project_name. (because it's not my project or my repository)
Expanding what #MikeOne wrote in the comment and as stated in webpack Hot Module Replacement documentation,
HMR is not intended for use in production, meaning it should only be
used in development.
Previously, in my package.json I had:
"scripts": {
"build": "ng build --prod --hmr --base-href /auth/ --deploy-url /auth/",
"build-dev": "ng build --hmr --base-href /auth/ --deploy-url /auth/"
},
So, I just changed it to:
"scripts": {
"build": "ng build --prod --base-href /auth/ --deploy-url /auth/",
"build-dev": "ng build --base-href /auth/ --deploy-url /auth/"
},
And it worked!

npm WARN notsup Unsupported engine for sequelize#6.1.0: wanted: {"node":">=10.0.0"}

{
"name": "express",
"version": "1.0.0",
"description": "",
"main": "app.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
"start": "nodemon app.js"
},
"author": "Pratik Ahirrao",
"license": "ISC",
"devDependencies": {
"nodemon": "^2.0.4"
},
"dependencies": {
"body-parser": "^1.19.0",
"ejs": "^3.1.3",
"express": "^4.17.1",
"express-handlebars": "^3.0.2",
"mysql2": "^2.1.0",
"pug": "^3.0.0"
}
}
i want to install sequelize in my nodejs application.
I am getting this error:-
npm install --save sequelize
npm WARN notsup Unsupported engine for sequelize#6.1.0: wanted: {"node":">=10.0.0"} (current: {"node":"8.10.0","npm":"6.14.4"})
npm WARN notsup Not compatible with your version of node/npm: sequelize#6.1.0
npm WARN notsup Unsupported engine for semver#7.3.2: wanted: {"node":">=10"} (current: {"node":"8.10.0","npm":"6.14.4"})
npm WARN notsup Not compatible with your version of node/npm: semver#7.3.2
npm WARN notsup Unsupported engine for sequelize-pool#6.0.0: wanted: {"node":">= 10.0.0"} (current: {"node":"8.10.0","npm":"6.14.4"})
npm WARN notsup Not compatible with your version of node/npm: sequelize-pool#6.0.0
npm ERR! Unexpected end of JSON input while parsing near '...4e5abc2adff5fa18def",'
npm ERR! A complete log of this run can be found in:
npm ERR! /home/pratik/.npm/_logs/2020-06-24T08_25_07_274Z-debug.log
What should I do?
I have solved my problem .
My node(8.10.0) was not compatible to install sequelize.
So i upgraded it to the latest version.
Here are the commands to upgrade your node to the latest version using n:-
sudo npm cache clean -f
sudo npm install -g n
sudo n latest

Can't install bcrypt on server for Vuejs 2.6.9/Webpack 4.29.6 project using NodeJS 10.15.3 and NPM 6.4.1 on a Vagrant virtual machine

I have been struggling to install bcrypt all weekend. Over the course of the weekend I have updated Node to version 10.15.3 (and npm 6.4.1).
A possible solution is to forget about bcrypt and install bcryptjs. My (perhaps unfounded?) concern is that the latest version (2.4.3) of bcryptjs is 2 years old whereas bcrypt has the benefit of continuous support. I would like to use bcrypt in my project.
Here is the error I got:
vagrant [server]> npm install bcrypt
npm WARN server#1.0.0 No description
npm WARN server#1.0.0 No repository field.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.7 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.7: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm ERR! path /vagrant/barbershop-pevn/server/node_modules/bcrypt/node_modules/minipass/node_modules/yallist/package.json.3160920247
npm ERR! code ENOENT
npm ERR! errno -2
npm ERR! syscall open
npm ERR! enoent ENOENT: no such file or directory, open '/vagrant/barbershop-pevn/server/node_modules/bcrypt/node_modules/minipass/node_modules/yallist/package.json.3160920247'
On the server folder...
package.json
{
"name": "server",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"start": "./node_modules/nodemon/bin/nodemon.js src/app.js --exec 'npm run lint && node'",
"lint": "./node_modules/.bin/eslint \"**/*.js\""
},
"keywords": [],
"author": "",
"license": "ISC",
"dependencies": {
"body-parser": "^1.18.3",
"cors": "^2.8.5",
"dotenv": "^7.0.0",
"express": "^4.16.4",
"joi": "^14.3.1",
"jsonwebtoken": "^8.5.0",
"morgan": "^1.9.1",
"pg": "^7.9.0",
"pg-hstore": "^2.3.2",
"semver": "^5.6.0",
"sequelize": "^5.1.0"
},
"devDependencies": {
"eslint": "^5.15.3",
"eslint-config-airbnb-base": "^13.1.0",
"eslint-plugin-import": "^2.16.0",
"eslint-plugin-vue": "^5.2.2",
"nodemon": "^1.18.10"
}
}
npm list -g --depth=0 returns:
/home/vagrant/.nvm/versions/node/v10.15.3/lib
├── #vue/cli#3.5.0
├── #vue/cli-init#3.5.0
├── http-server#0.11.1
├── node-gyp#3.8.0
├── npm#6.4.1
├── npm-check#5.9.0
└── npx#10.2.0
cat /etc/*release returns:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.6 LTS"
NAME="Ubuntu"
VERSION="16.04.6 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.6 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
OS of my mac: 10.13.6
MAJOR EDIT 1:
I did the following:
vagrant [server]> sudo apt install node-gyp
And then I got this error:
vagrant [server]> npm install bcrypt
npm WARN server#1.0.0 No description
npm WARN server#1.0.0 No repository field.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.7 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.7: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm ERR! path /vagrant/barbershop-pevn/server/node_modules/bcrypt/node_modules/minipass/node_modules/safe-buffer/package.json.3118274111
npm ERR! code ENOENT
npm ERR! errno -2
npm ERR! syscall open
npm ERR! enoent ENOENT: no such file or directory, open '/vagrant/barbershop-pevn/server/node_modules/bcrypt/node_modules/minipass/node_modules/safe-buffer/package.json.3118274111'
What am I missing? Any help that allows for the installation of bcrypt or at least points me in the right direction is greatly appreciated.
I think this is an npm issue. I can successfully install bcrypt using yarn or pnpm (which looks rather attractive) on NodeJS versions 8.15.1 and 10.15.3. My question was about installing bcrypt (not necessarily using npm) so I'm going to say I got a satisfactory answer for the time being: Use yarn or pnpm (or just install brcyptjs). I have raised an issue on github.

npm showing severity vulnerabilities Laravel

npm showing severity vulnerabilities, but using
npm chache clear
npm cache clear --force
npm audit fix
npm install
I have tried all of them but none of these solving my problem, please give some idea how I can solve it?
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.4 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
added 1505 packages from 755 contributors and audited 18951 packages in 378.007s
found 11 moderate severity vulnerabilities
run `npm audit fix` to fix them, or `npm audit` for details
Running npm audit fix results
>npm audit fix npm WARN ajv-keywords#3.2.0 requires a peer of ajv#^6.0.0 but none is installed. You must install peer dependencies yourself. npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.2.4 (node_modules\fsevents): npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"}) up to date in 118.757s fixed 0 of 11 vulnerabilities in 18990 scanned packages 11 vulnerabilities required manual review and could not be updated
and my package.json
{
"private": true,
"scripts": {
"dev": "npm run development",
"development": "cross-env NODE_ENV=development node_modules/webpack/bin/webpack.js --progress --hide-modules --config=node_modules/laravel-mix/setup/webpack.config.js",
"watch": "npm run development -- --watch",
"watch-poll": "npm run watch -- --watch-poll",
"hot": "cross-env NODE_ENV=development node_modules/webpack-dev-server/bin/webpack-dev-server.js --inline --hot --config=node_modules/laravel-mix/setup/webpack.config.js",
"prod": "npm run production",
"production": "cross-env NODE_ENV=production node_modules/webpack/bin/webpack.js --no-progress --hide-modules --config=node_modules/laravel-mix/setup/webpack.config.js"
},
"devDependencies": {
"axios": "^0.18",
"babel-preset-react": "^6.24.1",
"bootstrap": "^4.0.0",
"cross-env": "^5.1",
"jquery": "^3.2",
"laravel-mix": "^2.0",
"lodash": "^4.17.4",
"popper.js": "^1.12",
"vue": "^2.5.7"
},
"dependencies": []
}
The current Laravel package.json has this vulnerabilities because of hoek and tunnel-agent. laravel-mix is using the packages and load them through their package.json.
See more information about the issues here:
https://nodesecurity.io/advisories/566
https://nodesecurity.io/advisories/598
If you remove "laravel-mix": "^2.0", the vulnerabilities are gone, but you can't use Laravel Mix any more.
As per discussion here, I think the issue is fixed.
if someone is still interested to solve this issue, I google it and found this solution
append this key value to the scripts section in "package.json" file
"scripts": {
...
"preinstall": "npx npm-force-resolutions", // <-- appended
},
then add a new section after the "scripts" section as below
"resolutions": { // <-- appended
"yargs-parser": "^18.1.3"
},
now save the file and run "npm install", the vulnerabilities are gone :)
That means, you have 11 severity vulnerabilities in your downloaded packages.
Run npm audit and it will show you which packages are affected. Then check clearly, if the author has provided an update. If not, you can fix it by yourself, which can be very hard because you're not deep in their sources...
However, most of the up-to-date packages provide fixed in newer versions.
try this :
npm install npm#latest -g
You can install lastest npm version. The vulnerabilities alerts will be gone.

Resources