Develop Reference

Snyk complains about fsevents missing from package-lock, but fsevents is not a requirement and snyk ignores --strict-out-of-sync=false

Cannot run snyk on any of my projects today, getting the same error everywhere.
snyk test --strict-out-of-sync=false results in:
Dependency fsevents was not found in package-lock.json. Your package.json and package-lock.json are probably out of sync. Please run "npm install" and try again.
npm install and npm install and npm i --package-lock-only do nothing
FSEvents is not even a requirement in package.json
relevant sections of the package.json:
"dependencies": {
"bcrypt": "^5.0.1",
"cookie-parser": "^1.4.5",
"cors": "^2.8.5",
"csurf": "^1.11.0",
"debug": "~4.3.1",
"express": "~4.17.1",
"express-handlebars": "^5.3.0",
"express-rate-limit": "^5.2.6",
"helmet": "^4.4.1",
"morgan": "~1.10.0",
"mysql2": "^2.2.5",
"node-cron": "^3.0.0",
"node-fetch": "^2.6.1",
"nodemailer": "^6.5.0",
"redis": "^3.1.0",
"sequelize": "^6.6.2",
"sequelize-cli": "^6.2.0",
"uuid": "^8.3.2",
"winston": "^3.3.3"
},
"devDependencies": {
"app-root-path": "^3.0.0",
"babel-eslint": "^10.1.0",
"chai": "^4.3.4",
"chai-http": "^4.3.0",
"eslint": "^7.23.0",
"express-openapi-validate": "^0.5.1",
"js-yaml": "^4.0.0",
"jsdoc": "^3.6.6",
"mocha": "^8.3.2",
"nyc": "^15.1.0",
"openapi-types": "^7.2.3",
"sinon": "^10.0.0",
"snyk": "^1.526.0",
"swagger-jsdoc": "^6.1.0",
"winston-syslog": "^2.4.4"
}
}

I hope you've already solved this but found this thread with the same issue so posting if someone finds it later.
fsevents is probably a transitive dependency for some of your other dependencies, check the package-lock.json for which one. It is a MacOS (darwin) only package to get access to file system events.
I got it working by running
npm upgrade
before running snyk again.

fsevents is used inside of jest or other testing library.
npm upgrade will update all outdated libraries. This approach is not recommended, if you do not want to update all the libraries you use. Instead of that, just update testing libraries you use and the issue will be gone.

Segmentation fault (core dumped) in a running node process running in docker container

My docker image is running on AWS ECS. It runs for some time and then the container crashes with the following message :
Segmentation fault (core dumped)
npm ERR! code ELIFECYCLE
npm ERR! errno 139
npm ERR! fantasyservice#1.0.0 server: tsc -p . && node --max-old-space-size=1700 ./dist/server.js
npm ERR! Exit status 139
npm ERR!
npm ERR! Failed at the fantasyservice#1.0.0 server script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm WARN Local package.json exists, but node_modules missing, did you mean to install?
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2020-07-08T07_51_00_148Z-debug.log
I found that this issue occurs when one of the libraries using C++ modules fails. My package.json has the following dependencies installed -
"dependencies": {
"#nestjs/graphql": "^6.5.3",
"#types/bull": "^3.10.6",
"#types/bull-arena": "^2.6.0",
"#types/check-types": "^7.3.1",
"#types/compression": "^1.0.1",
"#types/cors": "^2.8.6",
"#types/express": "^4.17.2",
"#types/graphql-type-json": "^0.3.2",
"#types/http-errors": "^1.6.2",
"#types/jsonwebtoken": "^8.3.5",
"#types/node": "^12.12.11",
"#types/node-fetch": "^2.5.3",
"#types/request": "^2.48.3",
"#types/request-promise": "^4.1.45",
"apollo-server-express": "^2.9.12",
"bcrypt": "^3.0.7",
"bull": "^3.12.1",
"bull-arena": "^2.6.4",
"check-types": "^11.0.0",
"compression": "^1.7.4",
"cookie-parser": "^1.4.4",
"core-util-is": "^1.0.2",
"cors": "^2.8.5",
"easygraphql-format-error": "0.0.3",
"express": "^4.17.1",
"express-graphql": "^0.9.0",
"express-winston": "^4.0.1",
"graphql": "^14.5.8",
"graphql-tools": "^4.0.6",
"graphql-type-json": "^0.3.1",
"http-errors": "^1.7.3",
"is-my-json-valid": "^2.20.0",
"jsonwebtoken": "^8.5.1",
"newrelic": "^6.3.0",
"object-mapper": "^6.0.1",
"pg": "^7.13.0",
"pug": "^2.0.4",
"redis": "^2.8.0",
"reflect-metadata": "^0.1.13",
"request": "^2.88.0",
"request-promise": "^4.2.5",
"segfault-handler": "^1.3.0",
"tsc-watch": "^4.0.0",
"tsconfig-paths": "^3.9.0",
"type-graphql": "^0.17.5",
"typeorm": "^0.2.20",
"typeorm-encrypted-column": "0.0.4",
"typeorm-naming-strategies": "^1.1.0",
"typescript": "^3.7.2",
"webpack-dev-server": "^3.9.0",
"winston": "^3.2.1",
"winston-daily-rotate-file": "^4.2.1",
"winston-loggly-bulk": "^3.0.1"
}
And my docker file is the following
FROM node:10
RUN apt update
RUN npm install typescript -g
COPY package*.json ./
RUN npm install
RUN npm rebuild bcrypt --build-from-source
ADD . /app
WORKDIR /app
CMD npm run server
I have tried increasing the ulimit, changed the node version in docker file and reduced the --max-old-space-size but to no effect. I also found out that npm rebuild bcrypt --build-from-source fixes an issue with bcrypt that causes this problem and have added that in my docker file link.

node app fails to run on mojave: ReferenceError: internalBinding is not defined

I've tried to unsuccessfully run a node app, which runs fine on both High Sierra and Windows 10, but fails on Mojave 10.14.1.
This is the error shown when running the gulp build_dev task:
[23:44:42] Requiring external module babel-register
fs.js:25
'use strict';
^
ReferenceError: internalBinding is not defined
at fs.js:25:1
at req_ (/Users/user1/Documents/NodeProjects/myapp/node_modules/natives/index.js:137:5)
at Object.req [as require] (/Users/user1/Documents/NodeProjects/myapp/node_modules/natives/index.js:54:10)
at Object.<anonymous> (/Users/user1/Documents/NodeProjects/myapp/node_modules/vinyl-fs/node_modules/graceful-fs/fs.js:1:37)
at Module._compile (internal/modules/cjs/loader.js:707:30)
at Module._extensions..js (internal/modules/cjs/loader.js:718:10)
at Object.require.extensions.(anonymous function) [as .js] (/Users/user1/Documents/NodeProjects/myapp/node_modules/babel-register/lib/node.js:152:7)
at Module.load (internal/modules/cjs/loader.js:605:32)
at tryModuleLoad (internal/modules/cjs/loader.js:544:12)
at Function.Module._load (internal/modules/cjs/loader.js:536:3)
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! myapp#1.0.0 dev: `node node_modules/gulp/bin/gulp.js build_dev`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the myapp#1.0.0 dev script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/user1/.npm/_logs/2018-11-04T22_44_42_709Z-debug.log
This is the content of the package.json file with all the dependencies used in the application:
{
"name": "myapp",
"version": "1.0.0",
"description": "",
"main": "server.js",
"scripts": {
"test-dev": "node node_modules/gulp/bin/gulp.js test_dev",
"test-prod": "node node_modules/gulp/bin/gulp.js test_prod",
"dev": "node node_modules/gulp/bin/gulp.js build_dev",
"prod": "node node_modules/gulp/bin/gulp.js build_prod"
},
"author": "",
"license": "ISC",
"dependencies": {
"babel-polyfill": "^6.26.0",
"body-parser": "^1.17.2",
"cookie-parser": "^1.4.3",
"envify": "^4.1.0",
"express": "^4.16.2",
"glob": "^7.1.2",
"http-status-codes": "^1.1.6",
"morgan": "^1.8.2",
"multi-glob": "^1.0.1",
"npm": "^6.4.1",
"path": "^0.12.7"
},
"devDependencies": {
"babel-cli": "^6.24.1",
"babel-core": "^6.26.0",
"babel-plugin-syntax-async-functions": "^6.13.0",
"babel-plugin-transform-async-to-generator": "^6.24.1",
"babel-preset-env": "^1.6.0",
"babel-register": "^6.24.1",
"babelify": "^7.3.0",
"browser-sync": "^2.26.3",
"browserify": "^16.1.0",
"gulp": "^3.9.1",
"gulp-concat": "^2.6.1",
"gulp-if": "^2.0.2",
"gulp-imagemin": "^3.3.0",
"gulp-minify-css": "^1.2.4",
"gulp-nodemon": "^2.2.1",
"gulp-notify": "^3.0.0",
"gulp-rename": "^1.2.2",
"gulp-sass": "^3.1.0",
"gulp-sass-glob": "^1.0.8",
"gulp-sourcemaps": "^2.6.0",
"gulp-uglify": "^3.0.0",
"gulp-util": "^3.0.8",
"imagemin-pngquant": "^5.0.1",
"run-sequence": "^2.2.0",
"vinyl-buffer": "^1.0.0",
"vinyl-source-stream": "^1.1.0"
}
}
Any hint on how to debug this problem? Could be related to gcc compiler version?
node version: 11.1.0
npm version: 6.4.1
At this link I've uploaded the log of the "npm install" command to install dependencies: npm_install.log

Try updating natives to the latest version. This commit seems to resolve the issue you're having.

I downgraded Node version from 10.15.0(LTS) to 10.10.0. And this fixed internalBinding error for me.
sudo npm cache clean -f
sudo npm install -g n
sudo n 10.10.0

In my case, the issue was with the node_modules installation, so do the following.
Perform a yarn audit
Check if you have any critical vulnerabilities
Either upgrade the version of the module or search for an alternative module.
yarn install
You should be good to go
Note: Issue was not with the node version in my case it was just a vulnerable module(gulp-angular-templatecache). I also suggest you do npm upgrade and npm rebuild if the above method doesn't work.
npm audit doesn't work with private repositories but yarn audit does.

npm WARN The package is included as both a dev and production dependency

When running npm install
I got these warning:
npm WARN The package babel-core is included as both a dev and production dependency.
npm WARN The package babel-loader is included as both a dev and production dependency.
npm WARN The package babel-preset-react is included as both a dev and production dependency.
npm WARN The package redux-thunk is included as both a dev and production dependency.
npm WARN The package uglifyjs is included as both a dev and production dependency.
up to date in 7.183s
npm WARN The package babel-core is included as both a dev and production dependency.
npm WARN The package babel-loader is included as both a dev and production dependency.
npm WARN The package babel-preset-react is included as both a dev and production dependency.
npm WARN The package redux-thunk is included as both a dev and production dependency.
npm WARN The package uglifyjs is included as both a dev and production dependency.
package.json file:
{
...
"dependencies": {
"axios": "^0.15.3",
"babel-core": "^6.10.4",
"babel-loader": "^6.2.4",
"babel-polyfill": "^6.9.1",
"babel-preset-es2015": "^6.9.0",
"babel-preset-react": "^6.11.1",
"babel-preset-stage-2": "^6.24.1",
"babel-register": "^6.9.0",
"bluebird": "^3.5.0",
"bootstrap-sass": "^3.3.7",
"classnames": "^2.2.5",
"console-polyfill": "^0.2.3",
"cross-env": "^1.0.8",
"css-loader": "^0.23.1",
"deepmerge": "^1.3.2",
"dom-helpers": "^3.0.0",
"expect": "^1.20.1",
"fuzzy": "^0.1.3",
"moment": "^2.18.1",
"node-libs-browser": "^1.0.0",
"node-sass": "^3.8.0",
"react": "^15.1.0",
"react-addons-shallow-compare": "15.4.0",
"react-addons-test-utils": "^15.1.0",
"react-axios": "0.0.9",
"react-bootstrap-daterangepicker": "^3.2.2",
"react-daterange-picker": "^1.1.0",
"react-dom": "^15.1.0",
"react-draggable": "^2.2.3",
"react-redux": "^4.4.8",
"react-router": "^3.0.2",
"react-virtualized": "^8.5.2",
"redux": "^3.6.0",
"redux-logger": "^2.6.1",
"redux-promise": "^0.5.3",
"redux-promise-middleware": "^4.2.0",
"redux-thunk": "^2.1.0",
"sass-loader": "^4.0.0",
"style-loader": "^0.13.1",
"uglifyjs": "=2.4.10",
"webpack-dev-middleware": "^1.6.1",
"webpack-dev-server": "^1.14.1",
"webpack-hot-middleware": "^2.11.0"
},
"devDependencies": {
"assets-webpack-plugin": "^3.5.1",
"babel-core": "^6.24.1",
"babel-loader": "^7.0.0",
"babel-plugin-add-module-exports": "^0.2.1",
"babel-plugin-react-transform": "^2.0.2",
"babel-plugin-transform-decorators-legacy": "^1.3.4",
"babel-preset-es2016": "^6.24.1",
"babel-preset-react": "^6.24.1",
"babel-preset-stage-3": "^6.24.1",
"didyoumean": "^1.2.1",
"extract-text-webpack-plugin": "^1.0.1",
"glob": "^7.1.1",
"postcss-loader": "^1.3.0",
"purifycss-webpack-plugin": "^2.0.3",
"react-transform-hmr": "^1.0.4",
"redux-thunk": "^2.2.0",
"uglifyjs": "=2.4.10",
"webpack": "^1.15.0",
"webpack-cleanup-plugin": "^0.5.1",
"webpack-split-chunks": "^0.1.1"
}
}
Noticed that there were different versions installed. What exactly happens when there are two versions of the same package installed for dev and prod? Is this normal behavior? Should I get rid of the dupe references in the package.json file?

You have the package referred to in both sections of your dependencies; you should totally not do this because it means that your production install will have a different version to your development install.
If you do npm install you will get all dependencies & devDependencies installed; however if you do npm install --production you only get dependencies installed.
You should remove things you don't need for your app to run from dependencies and place them in devDependencies. Things in dependencies should be seen as requirements to run the application (after any code transformation has occurred).
There is zero case where a dependency should be in both.

My use-case is exactly what #Jim pointed out in the comment of the accepted answer, In development I wanted to use my local module files as I was working on it the same time I worked on my other projects using it.
In production I would use the module from VCS, and I don't want to manually change the package.json file every time.
This is how I set up my package.json:
"dependencies": {
"module-name": "git+ssh://git#bitbucket.org/XXX/XXX.git#master"
},
"devDependencies": {
"module-name-dev": "file:../XXX"
}
With this setup, npm doesn't give me any errors, because the modules name are different, now what left to do is to require the dev package in development instead the main one.
I found the module-alias package, it allows you to use alias names for paths you want to require.
In your app.js file at the very beginning you need to add this code:
if (process.env.NODE_ENV === 'development') {
const moduleAlias = require('module-alias');
moduleAlias.addAlias('module-name', 'module-name-dev');
}
From now on, every time you require the module-name module, you will actually get the module-name-dev in development.
In production you shouldn't install the devDependencies, and the alias will not work, so no extra steps needed to change between the 2.
Working with webpack
If you are using webpack, you do not need the module-alias, you can add alias to the webpack config using webpack-chain like this:
chainWebpack: (config) => {
if (process.env.NODE_ENV === 'development') {
config.resolve.alias
.set('module-name', 'module-name-dev');
}
},

Npm dependencies not installed through chef

We are trying to resolve node dependencies using 'npm install' in chef recipe through execute resource.
This my chef recipe :
execute "download dependancies from package.json" do
command "npm install --silent"
user "#{node['non_root_user']}"
end
This is my package json :
"dependencies": {
"classnames": "^2.2.5",
"keymirror": "^0.1.1",
"moment": "^2.10.2",
"moment-timezone": "^0.4.0",
"node-sass": "^3.2.0",
"parse": "^1.4.2",
"react": "^0.13.2",
"react-swipeable": "^3.0.2"
},
"devDependencies": {
"babel-eslint": "^4.0.10",
"brfs": "^1.4.0",
"browser-sync": "^2.6.7",
"browserify": "^9.0.7",
"browserify-shim": "^3.8.5",
"classnames": "^2.2.5",
"dotenv": "^1.2.0",
"eslint": "^1.1.0",
"eslint-plugin-react": "^3.2.3",
npm install only installs dev-dependencies but not dependencies. is there any automated way to install all dependencies using npm install? Am I missing anything additional configuration with npm.

What you have is fine so there is probably some other issue. If you want something simpler check out the poise-javascript and application_javascript cookbooks though.