I'm in the process of setting up my ReactJS environment, and I'm following the FrontendMasters course on the topic.
After having installed eslint and prettier globally via Yarn, the author runs this command eslint js\**\*.{js,jsx} and on his machine, all is good, but I get the following:
Oops! Something went wrong! :(
ESLint couldn't find the plugin "eslint-plugin-prettier". This can happen for a couple different reasons:
If ESLint is installed globally, then make sure eslint-plugin-prettier is also installed globally. A globally-installed ESLint cannot find a locally-installed plugin.
If ESLint is installed locally, then it's likely that the plugin isn't installed correctly. Try reinstalling by running the following:
npm i eslint-plugin-prettier#latest --save-dev
If you still can't figure out the problem, please stop by https://gitter.im/eslint/eslint to chat with the team.
I tried Google, but couldn't find anything relevant. Why is this happening? I am on Windows 10, using the latest version of Yarn (v0.24.6) and my eslintrc.json looks like this:
{
"extends": ["airbnb", "prettier", "prettier/react"],
"plugins": ["prettier"],
"parserOptions": {
"ecmaVersion": 2016,
"sourceType": "module",
"ecmaFeatures": {
"jsx": true
}
},
"env": {
"es6": true,
"browser": true,
"node": true
}
}
UPDATE
I followed Daydream's advice below, though I do not have nvm installed. But I did delete the node_modules folder, and after a chat in ESLint's Gitter, I went ahead and uninstalled ESLint, and Prettier globally. I then made ESLint and Prettier devDependencies. Finally I ran yarn command to reinstall everything, and now I get this:
Note: The project is open source, and is on GitHub if you want to see for yourself.
I just ran into the same issue myself. It appears to be an issue with the newest version of eslint, mine was 4.2.0. To fix this I:
run: Yarn remove eslint
or
run: npm uninstall eslint
this will remove it locally, then
run: yarn add eslint#3.19.0
or run: npm install eslint#3.19.0
run: eslint **/*.{js,jsx} --quiet
my paths may be set up different so do this in conjunction with "Daydream Nation" answer you should get it working. I'm not sure what version os eslint Brian is using and I'm sure if you pull down one of his most recent repo's it will tell you but hopefully this will guide you in the right direction.
I was missing several packages. Here is how I fixed it.
npm i eslint-config-prettier -save-dev
npm i eslint-config-standard -save-dev
npm i eslint-plugin-node -save-dev
npm i eslint-plugin-promise -save-dev
Here is my package.json
{
"name": "rpp-react",
"private": true,
"scripts": {
"start": "meteor run"
},
"dependencies": {
"babel-runtime": "^6.20.0",
"meteor-node-stubs": "~0.2.4",
"prop-types": "^15.5.10",
"react": "^15.6.1",
"react-addons-pure-render-mixin": "^15.6.0",
"react-dom": "^15.6.1",
"react-tap-event-plugin": "^2.0.1"
},
"devDependencies": {
"babel-eslint": "^8.0.0",
"eslint": "^4.7.2",
"eslint-config-prettier": "^2.5.0",
"eslint-config-standard": "^10.2.1",
"eslint-plugin-flowtype": "^2.35.1",
"eslint-plugin-import": "^2.7.0",
"eslint-plugin-jsx-a11y": "^5.1.1",
"eslint-plugin-node": "^5.1.1",
"eslint-plugin-prettier": "^2.3.1",
"eslint-plugin-promise": "^3.5.0",
"eslint-plugin-react": "^7.3.0",
"eslint-plugin-standard": "^3.0.1",
"prettier": "^1.7.0"
}
}
Here is my .eslintrc.json
{
"extends": [
"standard",
"plugin:flowtype/recommended",
"plugin:react/recommended",
"prettier",
"prettier/flowtype",
"prettier/react",
"prettier/standard"
],
"plugins": [
"flowtype",
"react",
"prettier",
"standard"
],
"parserOptions": {
"sourceType": "module",
"ecmaFeatures": {
"jsx": true
}
},
"env": {
"es6": true,
"node": true
},
"rules": {
"prettier/prettier": "error"
}
}
This is an UGLY HACK, but it was the ONLY WAY for me... to solve this problem.
I used "strace" tool to check what modules are required, i copied that files (pacience in this step please!) and it worked :)
strace eslint --debug Person.js
Yes... you have to scroll some lines until you found something like this:
stat("/usr/local/share/.config/yarn/global/node_modules/eslint/node_modules/eslint-plugin-prettier", 0x7fff5c139db0) = -1 ENOENT (No such file or directory)
You need to COPY that required modules... and it will work.
These are a list of modules that i had to copy manually (inside /usr/local/share/.config/yarn/global/node_modules/eslint/node_modules/)
eslint-config-airbnb
eslint-config-airbnb-base
eslint-plugin-import
eslint-plugin-jsx-a11y
eslint-plugin-prettier
eslint-plugin-prettier/node_modules/fast-diff
eslint-plugin-react
Please excuse my ugly english, i'm learning :)
I got the same error ("cannot find module eslint-config-prettier/react") while following the steps from the Frontend Masters course you mention and was able to resolve it by installing eslint-config-prettier, as shown below, before running the lint script:
npm install --save-dev eslint-config-prettier
or, if using yarn:
yarn add --dev eslint-config-prettier
Note that eslint-config-prettier "turns off all rules that are unnecessary or might conflict with prettier".
For me it happened after I (intentionally) uninstalled "eslint-plugin-prettier", and forgot to remove "prettier" from the "plugins" array in my eslint config, like so:
package.json:
{
// ...
"eslintConfig": {
// ...
"plugins": [
// ...
// This needed to be removed
"prettier"
]
}
}
I'm also doing the course, and the first tip I saw on the web was to reference the direct path to eslint via the installation by yarn into node_modules:
./node_modules/.bin/eslint **/*.{js,jsx} --quiet
But then after that, I was met with an error message with - Unexpected top-level property "ecmaFeatures"
Ultimately, what I did to solve the problem was to erase node_modules, erase everything from~/.nvm/versions/node/<the version>/lib/node_modules except for the npm and yarn folders, and just typed yarn to re-install everything.
After that,./node_modules/.bin/eslint **/*.{js,jsx} --quiet worked fine (but I still had to specify the path to the installation.
Hope that helps!
Related
I have a large, existing package-lock.json and a lot of dependencies that have been resolved via http://registry.npmjs.org/.
e.g.
{
"name": "my-package",
"version": "1.2.3",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
"#babel/cli": {
"version": "7.7.4",
"resolved": "https://registry.npmjs.org/#babel/cli/-/cli-7.7.4.tgz",
"integrity": "sha512-O7mmzaWdm+VabWQmxuM8hqNrWGGihN83KfhPUzp2lAW4kzIMwBxujXkZbD4fMwKMYY9FXTbDvXsJqU+5XHXi4A==",
"dev": true,
"requires": {
"chokidar": "^2.1.8",
"commander": "^4.0.1",
"convert-source-map": "^1.1.0",
"fs-readdir-recursive": "^1.1.0",
"glob": "^7.0.0",
"lodash": "^4.17.13",
"make-dir": "^2.1.0",
"slash": "^2.0.0",
"source-map": "^0.5.0"
},
"dependencies": {
"commander": {
"version": "4.0.1",
"resolved": "https://registry.npmjs.org/commander/-/commander-4.0.1.tgz",
"integrity": "sha512-IPF4ouhCP+qdlcmCedhxX4xiGBPyigb8v5NeUp+0LyhwLgxMqyp3S0vl7TAPfS/hiP7FC3caI/PB9lTmP8r1NA==",
"dev": true
},
"make-dir": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/make-dir/-/make-dir-2.1.0.tgz",
"integrity": "sha512-LS9X+dc8KLxXCb8dni79fLIIUA5VyZoyjSMCwTluaXA0o27cCK0bhXkpgw+sTXVpPy/lSO57ilRixqk0vDmtRA==",
"dev": true,
"requires": {
"pify": "^4.0.1",
"semver": "^5.6.0"
}
},
"pify": {
"version": "4.0.1",
"resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz",
"integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==",
"dev": true
},
"source-map": {
"version": "0.5.7",
"resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz",
"integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=",
"dev": true
}
}
},
...
I have my registry configured to be an NPM Enterprise installation that hosts proprietary NPM packages and mirrors the public NPM registry.
registry = "https://custom.registry.tld/path/npm/npm-aggregate"
This works for newly installed packages, but many existing packages still point to the public NPM registry. I tried overwriting the package-lock.json using npm i or npm i --package-lock-only.
How can I force NPM to use my Enterprise NPM registry and write the correct resolved URLs to package-lock.json? I probably could just "find and replace", but I want to make sure that NPM is resolving dependencies correctly.
I am running npm -v 6.14.15
I simply changed the registry entries manually in the package-lock.json and deleted the node_modules folder, then ran an npm i to solve this issue.
Some solutions that didn't work for me:
When I tried to change the registry simply using the npm CLI by clearing the cache npm cache clear --force, and npm i --registry none of this worked. The registry didn't change at all, and in fact was reverted after running npm i in any form.
I then tried to remove the package-lock.json and node_modules and ran an install. This caused a lot of versions in my package-lock.json to change and caused my particular projects builds to fail.
I found that the steps I followed got what I wanted although it may not be a part of best practices with npm.
Overriding the registry will not replace existing "resolved": "https://xxx..." entries in the package-lock.json.
If this one is wrong from a previous creation, you have to delete it, then run again your npm i. It will create a fresh one with the registry previously configured.
Unfortunately, the package-lock.json file is meant to hardcode the registry of each package. It is intended.
We could imagine a future option in NPM to force the registry, in combination with an integrity check to make sure the packages are identical. (Feel free to send a feature request to the core team)
As of today, npm does not cover this use case. You are forced to ignore the package-lock.json to bypass this limitation.
(as of today, the latest version of NPM is 8.13.2)
Find/replace registry in package-lock
Delete node_modules
Verify npm install works
Following warning is being thrown on npm install command -
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#1.1.2 (node_modules\rea
ct-scripts\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#
1.1.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"}
)
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents#^1.0.0 (node_modules\ch
okidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents#
1.1.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"}
)
The warning is apparently causing our Jenkins Job to mark failed, so we are just trying to get rid of the same.
I already checked this https://stackoverflow.com/a/42938398/351903
But, unlike what is mentioned there, I do not have any /node_modules/fserrors in my setup. Also, my package.json does not contain fserrors. Following is my package.json -
{
"name": "mvc-panel",
"version": "0.1.0",
"private": true,
"dependencies": {
"bootstrap": "^3.3.7",
"jquery": "^3.2.1",
"material-ui": "^0.18.3",
"qs": "^6.4.0",
"react": "^15.5.4",
"react-alert": "^2.1.2",
"react-bootstrap-table": "^3.4.1",
"react-dom": "^15.5.4",
"react-loader": "^2.4.2",
"react-router-dom": "^4.1.1",
"react-tap-event-plugin": "^2.0.1",
"serve": "^6.0.0"
},
"devDependencies": {
"datatables.net": "^1.10.15",
"jquery": "^3.2.1",
"react-scripts": "^1.0.7"
},
"scripts": {
"start": "react-scripts start",
"build": "react-scripts build",
"test": "react-scripts test --env=jsdom",
"eject": "react-scripts eject"
}
}
I can see fsevents in the package.json of react-scripts (which is defined under devDependencies of my package.json) in node_modules\react-scripts\package.json -
{
"_args": [
[
{
"raw": "react-scripts#^1.0.7",
"scope": null,
"escapedName": "react-scripts",
"name": "react-scripts",
"rawSpec": "^1.0.7",
"spec": ">=1.0.7 <2.0.0",
"type": "range"
},
"D:\\Sandeepan\\Payu MVC\\backend codebase\\MVC2.0\\panel\\mvc-panel"
]
],
"_from": "react-scripts#>=1.0.7 <2.0.0",
"_id": "react-scripts#1.0.14",
"_inCache": true,
"_location": "/react-scripts",
"_nodeVersion": "8.5.0",
"_npmOperationalInternal": {
"host": "s3://npm-registry-packages",
"tmp": "tmp/react-scripts-1.0.14.tgz_1506471610836_0.5613740666303784"
},
"_npmUser": {
"name": "timer",
"email": "timer150#gmail.com"
},
"_npmVersion": "5.3.0",
"_phantomChildren": {
"asap": "2.0.6",
"escape-string-regexp": "1.0.5",
"graceful-fs": "4.1.11",
"has-ansi": "2.0.0",
"universalify": "0.1.1"
},
"_requested": {
"raw": "react-scripts#^1.0.7",
"scope": null,
"escapedName": "react-scripts",
"name": "react-scripts",
"rawSpec": "^1.0.7",
"spec": ">=1.0.7 <2.0.0",
"type": "range"
},
"_requiredBy": [
"#DEV:/"
],
"_resolved": "https://registry.npmjs.org/react-scripts/-/react-scripts-1.0.14.tgz",
"_shasum": "70fe76c9beb67b136b953e875bdfe4ad78d410d1",
"_shrinkwrap": null,
"_spec": "react-scripts#^1.0.7",
"_where": "D:\\Sandeepan\\Payu MVC\\backend codebase\\MVC2.0\\panel\\mvc-panel",
"bin": {
"react-scripts": "./bin/react-scripts.js"
},
"bugs": {
"url": "https://github.com/facebookincubator/create-react-app/issues"
},
"dependencies": {
"autoprefixer": "7.1.2",
"babel-core": "6.25.0",
"babel-eslint": "7.2.3",
"babel-jest": "20.0.3",
"babel-loader": "7.1.1",
"babel-preset-react-app": "^3.0.3",
"babel-runtime": "6.26.0",
"case-sensitive-paths-webpack-plugin": "2.1.1",
"chalk": "1.1.3",
"css-loader": "0.28.4",
"dotenv": "4.0.0",
"eslint": "4.4.1",
"eslint-config-react-app": "^2.0.1",
"eslint-loader": "1.9.0",
"eslint-plugin-flowtype": "2.35.0",
"eslint-plugin-import": "2.7.0",
"eslint-plugin-jsx-a11y": "5.1.1",
"eslint-plugin-react": "7.1.0",
"extract-text-webpack-plugin": "3.0.0",
"file-loader": "0.11.2",
"fs-extra": "3.0.1",
"fsevents": "1.1.2",
"html-webpack-plugin": "2.29.0",
"jest": "20.0.4",
"object-assign": "4.1.1",
"postcss-flexbugs-fixes": "3.2.0",
"postcss-loader": "2.0.6",
"promise": "8.0.1",
"react-dev-utils": "^4.1.0",
"style-loader": "0.18.2",
"sw-precache-webpack-plugin": "0.11.4",
"url-loader": "0.5.9",
"webpack": "3.5.1",
"webpack-dev-server": "2.8.2",
"webpack-manifest-plugin": "1.2.1",
"whatwg-fetch": "2.0.3"
},
"description": "Configuration and scripts for Create React App.",
"devDependencies": {
"react": "^15.5.4",
"react-dom": "^15.5.4"
},
"directories": {},
"dist": {
"integrity": "sha512-+p0q2N2WW7L4WW6uObqN7fYwSQZ9fBI0StpMYl1Ukoz/lCbemf+yW6b8refyhTsGy62GAqxlpyEfVcTE3hJAxg==",
"shasum": "70fe76c9beb67b136b953e875bdfe4ad78d410d1",
"tarball": "https://registry.npmjs.org/react-scripts/-/react-scripts-1.0.14.tgz"
},
"engines": {
"node": ">=6"
},
"files": [
"bin",
"config",
"scripts",
"template",
"utils"
],
"homepage": "https://github.com/facebookincubator/create-react-app#readme",
"license": "MIT",
"maintainers": [
{
"name": "timer",
"email": "timer150#gmail.com"
},
{
"name": "fb",
"email": "opensource+npm#fb.com"
},
{
"name": "gaearon",
"email": "dan.abramov#gmail.com"
}
],
"name": "react-scripts",
"optionalDependencies": {
"fsevents": "1.1.2"
},
"readme": "ERROR: No README data found!",
"repository": {
"type": "git",
"url": "git+https://github.com/facebookincubator/create-react-app.git"
},
"version": "1.0.14"
}
Update
I tried running the npm install command and getting the exit status of the earlier command. It showed 0 meaning success, despite the warnings. So, it does not look like Jenkins job should be stuck due to this. However, we are still trying to find a way to get rid of this warning because it is not relevant to our OS.
fsevents is dealt differently in mac and other linux system. Linux system ignores fsevents whereas mac install it. As the above error message states that fsevents is optional and it is skipped in installation process.
You can run npm install --no-optional command in linux system to avoid above warning.
Further information
https://github.com/npm/npm/issues/14185
https://github.com/npm/npm/issues/5095
If you want to hide this warn, you just need to install fsevents as a optional dependency.
Just execute:
npm i fsevents#latest -f --save-optional
..And the warn will no longer be a bother.
npm i -f
I'd like to repost some comments from this thread, where you can read up on the issue and the issue was solved.
This is exactly Angular's issue. Current package.json requires fsevent
as not optionalDependencies but devDependencies. This may be a problem
for non-OSX users.
Sometimes
Even if you remove it from package.json npm i still fails because
another module has it as a peer dep.
So
if npm-shrinkwrap.json is still there, please remove it or try npm i
-f
package.json counts with a optionalDependencies key.
NPM on Optional Dependencies.
You can add fsevents to this object and if you find yourself installing packages in a different platform than MacOS, fsevents will be skipped by either yarn or npm.
"optionalDependencies": {
"fsevents": "2.1.2"
},
You will find a message like the following in the installation log:
info fsevents#1.2.11: The platform "linux" is incompatible with this module.
info "fsevents#1.2.11" is an optional dependency and failed compatibility check. Excluding it from installation.
info fsevents#2.1.2: The platform "linux" is incompatible with this module.
info "fsevents#2.1.2" is an optional dependency and failed compatibility check. Excluding it from installation.
Hope it helps!
I found the same problem and i tried all the solution mentioned above and in github. Some works only in local repository, when i push my PR in remote repositories with travic-CI or Pipelines give me the same error back. Finally i fixed it by using the npm command below.
npm audit fix --force
This no longer happens with npm v7. You can update your npm version or update to node v15 or higher, which by default installs npm v7.
Follow these steps -
Go to the project's "package.lock.json" file
Press "Ctrl+F" (to enable search)
Type "darwin"
Rename it to 'linux'
I also had the same issue though am using MacOS. The issue is kind of bug. I solved this issue by repeatedly running the commands,
sudo npm cache clean --force
sudo npm uninstall
sudo npm install
One time it did not work but when I repeatedly cleaned the cache and after uninstalling npm, reinstalling npm, the error went off. I am using Angular 8 and this issue is common
Instead of using --no-optional every single time, we can just add it to npm or yarn config.
For Yarn, there is a default no-optional config, so we can just edit that:
yarn config set ignore-optional true
For npm, there is no default config set, so we can create one:
npm config set ignore-optional true
Do this:
npm install --no-optional
For more info on this go through: https://github.com/npm/npm/issues/11632
I'm using,
Angular CLI: 8.1.2
Node: 12.14.1
OS: win32 x64
Strangely, this helped me
npm cache clean --force
npm uninstall #angular/cli
npm install #angular/cli#8.1.2
For anyone reading it recently, the simplest thing to do on Ubuntu is to install the latest LTS versions of nvm, node.js, and nmp. from version 7 of node.js, these issues have been sorted out.
Refer to this guide:
https://computingforgeeks.com/how-to-install-node-js-on-ubuntu-debian/
I solved this by deleting the node_modules folder and running npm i.
I got the same error. In my case, I was using a mapped drive to edit code off of a second computer, that computer was running linux. Not sure exactly why gulp-watch relies on operating system compatibility prior to install (I would assume it has to do with security purposes). Essentially the error is checking against your operating system and the operating system calling the node module, in my case the two operating systems were not the same so it threw it error. Which from the looks of your error is the same as mine.
The Error
Unsupported platform for fsevents#1.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
How I fixed it?
I logged into the linux computer directly and ran
npm install --save-dev <module-name>
Then went back into my coding environment and everything was fine after that.
Hope that helps!
run
npm install -D vue-loader vue-template-compiler
Vue CLI
If you are not interested in manually setting up webpack, it is recommended to scaffold a project with Vue CLI instead. Projects created by Vue CLI are pre-configured with most of the common development needs working out of the box.
Follow this guide if the built-in configuration of Vue CLI does not suit your needs, or you'd rather create your own webpack config from scratch.
#Manual Setup
#Installation
Unless you are an advanced user using your own forked version of Vue's template compiler, you should install vue-loader and vue-template-compiler together:
Check your node version and check if the package.json was generate using a different version of node.
I downloaded a repo created from Mac from a Linux and faced this error when trying to npm install. I was using node v14.15.0 and when I switched to v16.13.0, the error disappeared.
Yes, it works when with the command npm install --no-optional
Using environment:
iTerm2
macos login to my vm ubuntu16 LTS.
I had got this error, Linux system(Ubuntu) and This might happen when you run :
npm install
1) If the project is not present in your localdisk/computer, copy it to your computer and try again. So you get the permission to access folder (Just make sure you have access permission).
2) If you still get some warnings or errors, run:
npm audit fix
This will solve vulnerabilities in your dependencies and can help you fix a vulnerability by providing simple-to-run npm commands and recommendations for further troubleshooting.
Hope it helps!
Switch to PNPM: https://pnpm.js.org/
The fsevents warnings are gone (on Linux).
Even the latest yarn (2.x) shows the warnings.
If anyone get this error for ionic cordova install . just use this code npm install --no-optional in your cmd.
And then run this code npm install -g ionic#latest cordova
Use sudo npm install -g appium.
I would like to use the grunt-contrib-jasmine NPM package. It has various dependencies. Part of the dependency graph looks like this:
─┬ grunt-contrib-jasmine#0.4.1
│ ├─┬ grunt-lib-phantomjs#0.2.0
│ │ ├─┬ phantomjs#1.8.2-2
Unfortunately, there's a bug in this version phantomjs which prevents it from installing correctly on Mac OS X. This is fixed in the latest version.
How can I get grunt-lib-phantomjs to use a newer version of phantomjs?
Some additional context:
grunt-contrib-jasmine explicitly requires version "~0.2.0" of grunt-lib-phantomjs, which explicitly requires version "~1.8.1" of phantomjs.
Adding phantomjs to my package's dependencies first has no effect; both versions are installed and grunt-contrib-jasmine still uses the older versions (see: When installing a package with NPM, can you tell it to use a different version of one of its dependencies?).
You can use npm shrinkwrap functionality, in order to override any dependency or sub-dependency.
I've just done this in a grunt project of ours. We needed a newer version of connect, since 2.7.3. was causing trouble for us. So I created a file named npm-shrinkwrap.json:
{
"dependencies": {
"grunt-contrib-connect": {
"version": "0.3.0",
"from": "grunt-contrib-connect#0.3.0",
"dependencies": {
"connect": {
"version": "2.8.1",
"from": "connect#~2.7.3"
}
}
}
}
}
npm should automatically pick it up while doing the install for the project.
(See: https://nodejs.org/en/blog/npm/managing-node-js-dependencies-with-shrinkwrap/)
As of npm cli v8.3.0 (2021-12-09) this can be solved using the overrides field of package.json. As described in StriplingWarrior's answer
For example, the project has typescript version 4.6.2 as direct development dependency and awesome-typescript-loader that uses old version 2.7 of typescript. Here is how you can tell npm to use version 4.6.2 of typescript for awesome-typescript-loader:
{
"name": "myproject",
"version": "0.0.0",
"scripts": ...
"dependencies": ...
"devDependencies": {
"typescript": "~4.6.2",
"awesome-typescript-loader": "^5.2.1",
...
},
"overrides": {
"awesome-typescript-loader": {
"typescript": "$typescript"
}
}
}
If you don't use typescript as direct development dependency, then you have to write 4.6.2 instead of $typescript in overrides section:
{
"name": "myproject",
"version": "0.0.0",
"scripts": ...
"dependencies": ...
"devDependencies": {
"awesome-typescript-loader": "^5.2.1",
...
},
"overrides": {
"awesome-typescript-loader": {
"typescript": "~4.6.2"
}
}
}
For using the latest version of dependency:
{
"name": "myproject",
"version": "0.0.0",
"scripts": ...
"dependencies": ...
"devDependencies": {
"awesome-typescript-loader": "^5.2.1",
...
},
"overrides": {
"awesome-typescript-loader": {
"typescript": "latest"
}
}
}
Same overrides can be used for both dependencies and devDependencies.
If you're using npm version >5 but <8.3.0: edit your package-lock.json: remove the library from "requires" section and add it under "dependencies".
For example, you want deglob package to use glob package version 3.2.11 instead of its current one. You open package-lock.json and see:
"deglob": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/deglob/-/deglob-2.1.0.tgz",
"integrity": "sha1-TUSr4W7zLHebSXK9FBqAMlApoUo=",
"requires": {
"find-root": "1.1.0",
"glob": "7.1.2",
"ignore": "3.3.5",
"pkg-config": "1.1.1",
"run-parallel": "1.1.6",
"uniq": "1.0.1"
}
},
Remove "glob": "7.1.2", from "requires", add "dependencies" with proper version:
"deglob": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/deglob/-/deglob-2.1.0.tgz",
"integrity": "sha1-TUSr4W7zLHebSXK9FBqAMlApoUo=",
"requires": {
"find-root": "1.1.0",
"ignore": "3.3.5",
"pkg-config": "1.1.1",
"run-parallel": "1.1.6",
"uniq": "1.0.1"
},
"dependencies": {
"glob": {
"version": "3.2.11"
}
}
},
Now remove your node_modules folder, run npm ci (or npm install for old version of node/npm) and it will add missing parts to the "dependencies" section.
As of NPM v8.3, the correct way to deal with this is via the overrides section of your package.json file.
If you need to make specific changes to dependencies of your
dependencies, for example replacing the version of a dependency with a
known security issue, replacing an existing dependency with a fork, or
making sure that the same version of a package is used everywhere,
then you may add an override.
Overrides provide a way to replace a package in your dependency tree
with another version, or another package entirely. These changes can
be scoped as specific or as vague as desired.
To make sure the package foo is always installed as version 1.0.0 no
matter what version your dependencies rely on:
{
"overrides": {
"foo": "1.0.0"
}
}
There are a variety of other, more nuanced configurations allowing you to only override a package when it's a dependency of a particular package hierarchy. For more details, check out https://docs.npmjs.com/cli/v8/configuring-npm/package-json#overrides
The only solution that worked for me (node 12.x, npm 6.x) was using npm-force-resolutions developed by #Rogerio Chaves.
First, install it by:
npm install npm-force-resolutions --save-dev
You can add --ignore-scripts if some broken transitive dependency scripts are blocking you from installing anything.
Then in package.json define what dependency should be overridden (you must set exact version number):
"resolutions": {
"your-dependency-name": "1.23.4"
}
and in "scripts" section add new preinstall entry:
"preinstall": "npm-force-resolutions",
Now, npm install will apply changes and force your-dependency-name to be at version 1.23.4 for all dependencies.
For those using yarn.
I tried using npm shrinkwrap until I discovered the yarn cli ignored my npm-shrinkwrap.json file.
Yarn has https://yarnpkg.com/lang/en/docs/selective-version-resolutions/ for this. Neat.
Check out this answer too: https://stackoverflow.com/a/41082766/3051080
Nested replacement with an entirely different package
Most of the strategies outlined in the other answers here work well if you are just interested in overriding the package's version number, but in our case, we needed to find a way to override a nested npm sub-dependency with a different package altogether. For details on why you would ever want to do this, please refer to the following question:
How to override a nested npm sub-dependency with a different package altogether (not just different package version number)?
Specify the tarball directly
For nested replacement of a package with an entirely different package using the npm-force-resolutions strategy that others have mentioned, you just need to provide a link to the tarball where you would normally specify the overriding version number.
As an example, for the case of replacing the vulnerable package, ansi-html, with the fixed fork of this package, ansi-html-community, your resolutions section of package.json should look like this:
"resolutions": {
"ansi-html": "https://registry.npmjs.org/ansi-html-community/-/ansi-html-community-0.0.8.tgz"
}
To find the link to the tarball, use the following command, modifying your registry as necessary:
npm view ansi-html-community dist.tarball --registry=https://registry.npmjs.org/
Also, note that for npm-force-resolutions to work when you run npm install, you will need a preinstall entry under the scripts section of package.json:
"scripts": {
"preinstall": "npx npm-force-resolutions"
}
#user11153 's answer worked for me locally, but when trying to do a clean install (aka deleting node_modules), I would get:
npm-force-resolutions: command not found
I had to update the preinstall script to be:
"preinstall": "npm i npm-force-resolutions && npm-force-resolutions"
Which ensures that npm-force-resolutions package is installed before attempting to run it.
That being said, if you're able to use yarn instead, I would do that and then use #Gus 's answer.
I had an issue where one of the nested dependency had an npm audit vulnerability, but I still wanted to maintain the parent dependency version. the npm shrinkwrap solution didn't work for me, so what I did to override the nested dependency version:
Remove the nested dependency under the 'requires' section in package-lock.json
Add the updated dependency under DevDependencies in package.json, so that modules that require it will still be able to access it.
npm i
I was about to go down the npm-force-resolutions route but it seems that simply including the dependency in my own package.json fixed the problem for me.
I believe this worked in my case because the original dependency allows for patch versions of the dependency in question that I wanted to update. Thus by manually including a newer version it still fulfilled the dependency of the original dependency and will use the one I've manually added.
Example
Problem
I need to update plyr to version 3.6.9 from 3.6.8
Mine
package.json
{
"dependencies": {
"react-plyr": "^3.2.0"
}
}
React Plyr
package.json
{
"dependencies": {
"plyr": "^3.6.8"
}
}
Notice for the plyr dependency it starts with ^ this means it can accept any minor patches. You can learn more about that here:
https://docs.npmjs.com/about-semantic-versioning#using-semantic-versioning-to-specify-update-types-your-package-can-accept
Updating Mine
This updates the plyr dependency from my package.json.
package.json
{
"dependencies": {
"plyr": "^3.6.9",
"react-plyr": "^3.2.0"
}
}
Based on the rest of the answers, I provide the same solution, but I display the package.json, as I struggled a little bit on where to place the override and how.
{
"name": "my-app",
"version": "snapshot",
"scripts": {
"ng": "ng",
"build-dev": "ng build --configuration development",
},
"private": true,
"dependencies": {
"#angular/animations": "~14.2.9",
"#angular/common": "~14.2.9"
...
},
"devDependencies": {
"#angular-devkit/build-angular": "^14.2.8",
....
},
"overrides": {
"loader-utils#>2.0.0 <3": "2.0.4",
"loader-utils#>3.0.0 <4": "3.2.1"
}
}
For November 2022 "loader-utils" security vulnerability, it was requested to
use the version 2.0.4, if you are in the 2.X
use the version 3.2.1, if you are in the 3.X
And to verify
add the package.json the override tag
delete the package-lock.json
run "npm install"
run "npm audit"
Run this first
npm i -D #types/eslint#8.4.3
it will solve the issue
I have a dependency that is only needed for Mac OS in an npm project and was wondering if there is some way to conditionally include this dependency only when the compatible platform is the one running npm install.
I'm willing to write the logic for this. In the below case grunt-appdmg is causing the npm install process to error out (for fairly obvious reasons) with:
'/dev/cuttle/node_modules/grunt-appdmg/node_modules/appdmg/node_modules/ds-store/node_modules/macos-alias/build'
CXX(target) Release/obj.target/volume/src/volume.o
../src/volume.cc:9:2: error: #error This platform is not implemented yet
#error This platform is not implemented yet
package.json
{
"name": "Cuttle",
"homepage": "https://github.com/oakmac/cuttle",
"license": "MIT",
"repository": {
"type": "git",
"url": "https://github.com/oakmac/cuttle.git"
},
"dependencies": {
"fs-extra": "0.16.3",
"open": "0.0.5",
"winston": "0.8.3"
},
"devDependencies": {
"grunt": "0.4.5",
"grunt-contrib-less": "0.11.4",
"grunt-contrib-watch": "0.6.1",
"grunt-curl": "2.0.3",
"grunt-download-atom-shell": "0.10.0",
"grunt-appdmg": "0.2.0",
"winresourcer": "0.9.0",
"moment": "2.9.0",
"shelljs": "0.3.0"
}
}
You can use an optional dependency.
Like this in your package.json:
"optionalDependencies":{
"grunt-appdmg":"0.2.0"
}
More info on NPM documentation
npm install will then just skip it if it fails.
Let me introduce handpick that lets you target and filter multiple dependencies. I wrote this to speed up CI stages that just need a fragment of the devDependencies but there are eventually more usecases. This project is quite experimental - please leave some feedback.
Installation
Install on your system:
npm install handpick --global
Usage
Run the command:
handpick [options]
-V, --version
-T, --target
-F, --filter
-M, --manager
-P, --path
-h, --help
Examples
Define unofficial dependencies inside package.json file:
{
"lintDependencies":
{
"eslint": "6.8.0",
"eslint-config-redaxmedia": "2.0.0"
},
"testDependencies":
{
"chai": "4.2.0",
"mocha": "7.1.1"
}
}
Install the lintDependencies:
handpick --target=lintDependencies
Install the devDependencies and lintDependencies via YARN:
handpick --target=devDependencies --target=lintDependencies --manager=yarn
Install the devDependencies without testDependencies:
handpick --target=devDependencies --filter=testDependencies
Install the dependencies and devDependencies within path:
handpick --path=../shared
I'm trying to install a bunch of dependencies using Bower on Ubuntu 14.04. The installation hangs at a semi random point (one of jQuery, closure-library or closure compiler). Versions are below, along with the bower.json (anonymised).
Node v0.10.35
NPM v1.4.28
Bower v1.3.12
bower.json
{
"name": "redacted",
"version": "0.12.2",
"homepage": "redacted",
"description": "redacted",
"private": true,
"ignore": [
"**/.*",
"node_modules",
"bower_components"
],
"dependencies": {
"angular": "~1.3.0",
"angular-ui-router": "~0.2.10",
"angular-cookie": "~4.0.6",
"bootstrap": "~3.2.0",
"angular-animate": "~1.3.0",
"signalr": "*",
"angular-translate": "~2.4.0",
"fallback": "https://github.com/dolox/fallback.git#v2",
"angularjs-scroll-glue": "~0.0.1",
"angular-swfobject": "~1.0.2",
"swfobject": "*",
"angular-moment": "~0.8.3",
"momentjs": "~2.8.3",
"moment-timezone": "~0.2.2",
"angular-uuid4": "~0.2.0",
"font-awesome": "~4.2.0",
"angular-strap": "~2.1.4",
"angular-motion": "~0.3.4",
"angularjs-toaster": "~0.4.9",
"angular-hotkeys": "https://github.com/chieffancypants/angular-hotkeys.git#1.4.5"
},
"devDependencies": {
"es5-shim": "~4.0.3",
"closure-compiler": "~0.2.6",
"closurelibrary": "*",
"closure-library-externs": "git#github.com:google/closure-compiler.git#v20140814",
"angular-mocks": "~1.3.0"
},
"resolutions": {
"angular": "~1.3.0"
}
}
Can anyone spot anything wrong with the bower.json, or know of any incompatibilities between bower and Ubuntu with these versions?
Sample line from bower install output at a point where it hangs (as mentioned, the exact point it hangs changes each time, though it appears to happen on resolved most of the time).
bower fallback#v2 resolved https://github.com/dolox/fallback.git#0568407bc2
Without an npm-debug.log I can't definitely diagnose this, but it sure looks like some of the install errors/race conditions that used to plague older versions of npm -- before 2.1.
There have been a lot of improvements to npm -- especially around conflicts and race conditions during install -- since 1.4.28. Can you try updating your npm installation?
To update npm, run npm -g install npm#latest
For some Linux distributions (Debian/Ubuntu and RedHat/CentOS), the latest node version provided by the distribution may lag behind the stable version. Here are instructions from NodeSource on getting the latest node.