Npm dependencies not installed through chef - node.js

We are trying to resolve node dependencies using 'npm install' in chef recipe through execute resource.
This my chef recipe :
execute "download dependancies from package.json" do
command "npm install --silent"
user "#{node['non_root_user']}"
end
This is my package json :
"dependencies": {
"classnames": "^2.2.5",
"keymirror": "^0.1.1",
"moment": "^2.10.2",
"moment-timezone": "^0.4.0",
"node-sass": "^3.2.0",
"parse": "^1.4.2",
"react": "^0.13.2",
"react-swipeable": "^3.0.2"
},
"devDependencies": {
"babel-eslint": "^4.0.10",
"brfs": "^1.4.0",
"browser-sync": "^2.6.7",
"browserify": "^9.0.7",
"browserify-shim": "^3.8.5",
"classnames": "^2.2.5",
"dotenv": "^1.2.0",
"eslint": "^1.1.0",
"eslint-plugin-react": "^3.2.3",
npm install only installs dev-dependencies but not dependencies. is there any automated way to install all dependencies using npm install? Am I missing anything additional configuration with npm.

What you have is fine so there is probably some other issue. If you want something simpler check out the poise-javascript and application_javascript cookbooks though.

Related

Snyk complains about fsevents missing from package-lock, but fsevents is not a requirement and snyk ignores --strict-out-of-sync=false

Cannot run snyk on any of my projects today, getting the same error everywhere.
snyk test --strict-out-of-sync=false results in:
Dependency fsevents was not found in package-lock.json. Your package.json and package-lock.json are probably out of sync. Please run "npm install" and try again.
npm install and npm install and npm i --package-lock-only do nothing
FSEvents is not even a requirement in package.json
relevant sections of the package.json:
"dependencies": {
"bcrypt": "^5.0.1",
"cookie-parser": "^1.4.5",
"cors": "^2.8.5",
"csurf": "^1.11.0",
"debug": "~4.3.1",
"express": "~4.17.1",
"express-handlebars": "^5.3.0",
"express-rate-limit": "^5.2.6",
"helmet": "^4.4.1",
"morgan": "~1.10.0",
"mysql2": "^2.2.5",
"node-cron": "^3.0.0",
"node-fetch": "^2.6.1",
"nodemailer": "^6.5.0",
"redis": "^3.1.0",
"sequelize": "^6.6.2",
"sequelize-cli": "^6.2.0",
"uuid": "^8.3.2",
"winston": "^3.3.3"
},
"devDependencies": {
"app-root-path": "^3.0.0",
"babel-eslint": "^10.1.0",
"chai": "^4.3.4",
"chai-http": "^4.3.0",
"eslint": "^7.23.0",
"express-openapi-validate": "^0.5.1",
"js-yaml": "^4.0.0",
"jsdoc": "^3.6.6",
"mocha": "^8.3.2",
"nyc": "^15.1.0",
"openapi-types": "^7.2.3",
"sinon": "^10.0.0",
"snyk": "^1.526.0",
"swagger-jsdoc": "^6.1.0",
"winston-syslog": "^2.4.4"
}
}
I hope you've already solved this but found this thread with the same issue so posting if someone finds it later.
fsevents is probably a transitive dependency for some of your other dependencies, check the package-lock.json for which one. It is a MacOS (darwin) only package to get access to file system events.
I got it working by running
npm upgrade
before running snyk again.
fsevents is used inside of jest or other testing library.
npm upgrade will update all outdated libraries. This approach is not recommended, if you do not want to update all the libraries you use. Instead of that, just update testing libraries you use and the issue will be gone.

Segmentation fault (core dumped) in a running node process running in docker container

My docker image is running on AWS ECS. It runs for some time and then the container crashes with the following message :
Segmentation fault (core dumped)
npm ERR! code ELIFECYCLE
npm ERR! errno 139
npm ERR! fantasyservice#1.0.0 server: tsc -p . && node --max-old-space-size=1700 ./dist/server.js
npm ERR! Exit status 139
npm ERR!
npm ERR! Failed at the fantasyservice#1.0.0 server script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm WARN Local package.json exists, but node_modules missing, did you mean to install?
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2020-07-08T07_51_00_148Z-debug.log
I found that this issue occurs when one of the libraries using C++ modules fails. My package.json has the following dependencies installed -
"dependencies": {
"#nestjs/graphql": "^6.5.3",
"#types/bull": "^3.10.6",
"#types/bull-arena": "^2.6.0",
"#types/check-types": "^7.3.1",
"#types/compression": "^1.0.1",
"#types/cors": "^2.8.6",
"#types/express": "^4.17.2",
"#types/graphql-type-json": "^0.3.2",
"#types/http-errors": "^1.6.2",
"#types/jsonwebtoken": "^8.3.5",
"#types/node": "^12.12.11",
"#types/node-fetch": "^2.5.3",
"#types/request": "^2.48.3",
"#types/request-promise": "^4.1.45",
"apollo-server-express": "^2.9.12",
"bcrypt": "^3.0.7",
"bull": "^3.12.1",
"bull-arena": "^2.6.4",
"check-types": "^11.0.0",
"compression": "^1.7.4",
"cookie-parser": "^1.4.4",
"core-util-is": "^1.0.2",
"cors": "^2.8.5",
"easygraphql-format-error": "0.0.3",
"express": "^4.17.1",
"express-graphql": "^0.9.0",
"express-winston": "^4.0.1",
"graphql": "^14.5.8",
"graphql-tools": "^4.0.6",
"graphql-type-json": "^0.3.1",
"http-errors": "^1.7.3",
"is-my-json-valid": "^2.20.0",
"jsonwebtoken": "^8.5.1",
"newrelic": "^6.3.0",
"object-mapper": "^6.0.1",
"pg": "^7.13.0",
"pug": "^2.0.4",
"redis": "^2.8.0",
"reflect-metadata": "^0.1.13",
"request": "^2.88.0",
"request-promise": "^4.2.5",
"segfault-handler": "^1.3.0",
"tsc-watch": "^4.0.0",
"tsconfig-paths": "^3.9.0",
"type-graphql": "^0.17.5",
"typeorm": "^0.2.20",
"typeorm-encrypted-column": "0.0.4",
"typeorm-naming-strategies": "^1.1.0",
"typescript": "^3.7.2",
"webpack-dev-server": "^3.9.0",
"winston": "^3.2.1",
"winston-daily-rotate-file": "^4.2.1",
"winston-loggly-bulk": "^3.0.1"
}
And my docker file is the following
FROM node:10
RUN apt update
RUN npm install typescript -g
COPY package*.json ./
RUN npm install
RUN npm rebuild bcrypt --build-from-source
ADD . /app
WORKDIR /app
CMD npm run server
I have tried increasing the ulimit, changed the node version in docker file and reduced the --max-old-space-size but to no effect. I also found out that npm rebuild bcrypt --build-from-source fixes an issue with bcrypt that causes this problem and have added that in my docker file link.

NPM is giving me an error using npm install

A friend shared with me a theme he is developing for WordPress, and I cloned his repo in my /themes folder, first thing I tried was to run "npm install" in the theme folder in order to get gulp and other npm cool features.
This is what it returns:
$ npm install
npm ERR! code EINTEGRITY
npm ERR! sha1-fjL3W0e4epHQRhHxvxQQmsAGUdc= integrity checksum failed when using sha1: wanted sha1-fjL3W0e4epHQRhHxvxQQmsAGUdc= but got sha512-kV/CThkXo6xyFEZUugw/+pIOywXcDbFYgSct5cT3gqlbkBE1SJdwy6UQoZvodiWF/ckQLZyDE/Bu1M6gVu5lVw== sha1-fjL3W0E4EpHQRhHxvxQQmsAGUdc=. (36808 bytes)
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\rinor\AppData\Roaming\npm-cache\_logs\2020-04-04T17_30_54_859Z-debug.log
After trying installing it globally it gave me back the same error so I came up with uninstalling node.js from my pc and then download and install the LTS version (12.16.1). Rebooted, tested and it seemed to work as I tried typing "node -v" && "npm -v". But when I return to my theme and go for "npm install" it gives me the same error.
Here is my package.json content
{
"name": "ruce-theme",
"version": "1.0.0",
"description": "A starter theme",
"scripts": {
"watch": "gulp watch"
},
"dependencies": {
"bootstrap": "^4.0.0-beta.3",
"jquery": "^3.2.1",
"npm": "^6.4.1",
"slick-carousel": "^1.8.1"
},
"devDependencies": {
"#babel/core": "^7.3.3",
"#babel/preset-env": "^7.3.1",
"#babel/preset-react": "^7.0.0",
"babel-core": "^6.25.0",
"babel-loader": "^8.0.5",
"babel-plugin-transform-react-jsx": "^6.24.1",
"babel-preset-env": "^1.6.0",
"cross-env": "^5.0.1",
"css-loader": "^2.1.0",
"extract-text-webpack-plugin": "^4.0.0-beta.0",
"file-loader": "^3.0.1",
"gulp": "^4.0.0",
"gulp-babel": "^8.0.0-beta.2",
"gulp-clean-css": "^3.9.1",
"gulp-clone": "^1.1.4",
"gulp-concat": "^2.6.1",
"gulp-cssnano": "^2.1.2",
"gulp-ignore": "^2.0.2",
"gulp-imagemin": "^4.0.0",
"gulp-merge": "^0.1.1",
"gulp-plumber": "^1.2.0",
"gulp-rename": "^1.2.2",
"gulp-rimraf": "^0.2.2",
"gulp-sass": "^3.1.0",
"gulp-sequence": "^0.4.6",
"gulp-sourcemaps": "2.6.2",
"gulp-uglify": "^3.0.0",
"gulp-watch": "^4.3.11",
"node-sass": "^4.11.0",
"sass-loader": "^7.1.0",
"style-loader": "^0.23.1",
"webpack": "^4.29.0",
"webpack-cli": "^3.2.1"
},
"license": "ISC"
}
These are the erros that the debug shows
20111 error code EINTEGRITY
20112 error sha1-fjL3W0e4epHQRhHxvxQQmsAGUdc= integrity checksum failed when using sha1: wanted sha1-fjL3W0e4epHQRhHxvxQQmsAGUdc= but got sha512-kV/CThkXo6xyFEZUugw/+pIOywXcDbFYgSct5cT3gqlbkBE1SJdwy6UQoZvodiWF/ckQLZyDE/Bu1M6gVu5lVw== sha1-fjL3W0E4EpHQRhHxvxQQmsAGUdc=. (36808 bytes)
20113 verbose exit [ 1, true ]
You don't mention whether you had package-lock.json or not. In some cases the following might help. But first make sure you understand what's going on. npm tells you that the checksum from https://registry.npm.org doesn't match the one from package-lock.json. Either it changed in the registry, or...
Solution Consider the line from the output:
npm ERR!
sha1-fjL3W0e4epHQRhHxvxQQmsAGUdc=
integrity checksum failed when using sha1: wanted
sha1-fjL3W0e4epHQRhHxvxQQmsAGUdc=
but got
sha512-kV/CThkXo6xyFEZUugw/+pIOywXcDbFYgSct5cT3gqlbkBE1SJdwy6UQoZvodiWF/ckQLZyDE/Bu1M6gVu5lVw== sha1-fjL3W0E4EpHQRhHxvxQQmsAGUdc=
. (36808 bytes)
Find the package in package-lock.json by the first two integrity checksums (sha1-...), and put the third one (sha512-...) into its "integrity" field.
More on it here.

npm WARN The package is included as both a dev and production dependency

When running npm install
I got these warning:
npm WARN The package babel-core is included as both a dev and production dependency.
npm WARN The package babel-loader is included as both a dev and production dependency.
npm WARN The package babel-preset-react is included as both a dev and production dependency.
npm WARN The package redux-thunk is included as both a dev and production dependency.
npm WARN The package uglifyjs is included as both a dev and production dependency.
up to date in 7.183s
npm WARN The package babel-core is included as both a dev and production dependency.
npm WARN The package babel-loader is included as both a dev and production dependency.
npm WARN The package babel-preset-react is included as both a dev and production dependency.
npm WARN The package redux-thunk is included as both a dev and production dependency.
npm WARN The package uglifyjs is included as both a dev and production dependency.
package.json file:
{
...
"dependencies": {
"axios": "^0.15.3",
"babel-core": "^6.10.4",
"babel-loader": "^6.2.4",
"babel-polyfill": "^6.9.1",
"babel-preset-es2015": "^6.9.0",
"babel-preset-react": "^6.11.1",
"babel-preset-stage-2": "^6.24.1",
"babel-register": "^6.9.0",
"bluebird": "^3.5.0",
"bootstrap-sass": "^3.3.7",
"classnames": "^2.2.5",
"console-polyfill": "^0.2.3",
"cross-env": "^1.0.8",
"css-loader": "^0.23.1",
"deepmerge": "^1.3.2",
"dom-helpers": "^3.0.0",
"expect": "^1.20.1",
"fuzzy": "^0.1.3",
"moment": "^2.18.1",
"node-libs-browser": "^1.0.0",
"node-sass": "^3.8.0",
"react": "^15.1.0",
"react-addons-shallow-compare": "15.4.0",
"react-addons-test-utils": "^15.1.0",
"react-axios": "0.0.9",
"react-bootstrap-daterangepicker": "^3.2.2",
"react-daterange-picker": "^1.1.0",
"react-dom": "^15.1.0",
"react-draggable": "^2.2.3",
"react-redux": "^4.4.8",
"react-router": "^3.0.2",
"react-virtualized": "^8.5.2",
"redux": "^3.6.0",
"redux-logger": "^2.6.1",
"redux-promise": "^0.5.3",
"redux-promise-middleware": "^4.2.0",
"redux-thunk": "^2.1.0",
"sass-loader": "^4.0.0",
"style-loader": "^0.13.1",
"uglifyjs": "=2.4.10",
"webpack-dev-middleware": "^1.6.1",
"webpack-dev-server": "^1.14.1",
"webpack-hot-middleware": "^2.11.0"
},
"devDependencies": {
"assets-webpack-plugin": "^3.5.1",
"babel-core": "^6.24.1",
"babel-loader": "^7.0.0",
"babel-plugin-add-module-exports": "^0.2.1",
"babel-plugin-react-transform": "^2.0.2",
"babel-plugin-transform-decorators-legacy": "^1.3.4",
"babel-preset-es2016": "^6.24.1",
"babel-preset-react": "^6.24.1",
"babel-preset-stage-3": "^6.24.1",
"didyoumean": "^1.2.1",
"extract-text-webpack-plugin": "^1.0.1",
"glob": "^7.1.1",
"postcss-loader": "^1.3.0",
"purifycss-webpack-plugin": "^2.0.3",
"react-transform-hmr": "^1.0.4",
"redux-thunk": "^2.2.0",
"uglifyjs": "=2.4.10",
"webpack": "^1.15.0",
"webpack-cleanup-plugin": "^0.5.1",
"webpack-split-chunks": "^0.1.1"
}
}
Noticed that there were different versions installed. What exactly happens when there are two versions of the same package installed for dev and prod? Is this normal behavior? Should I get rid of the dupe references in the package.json file?
You have the package referred to in both sections of your dependencies; you should totally not do this because it means that your production install will have a different version to your development install.
If you do npm install you will get all dependencies & devDependencies installed; however if you do npm install --production you only get dependencies installed.
You should remove things you don't need for your app to run from dependencies and place them in devDependencies. Things in dependencies should be seen as requirements to run the application (after any code transformation has occurred).
There is zero case where a dependency should be in both.
My use-case is exactly what #Jim pointed out in the comment of the accepted answer, In development I wanted to use my local module files as I was working on it the same time I worked on my other projects using it.
In production I would use the module from VCS, and I don't want to manually change the package.json file every time.
This is how I set up my package.json:
"dependencies": {
"module-name": "git+ssh://git#bitbucket.org/XXX/XXX.git#master"
},
"devDependencies": {
"module-name-dev": "file:../XXX"
}
With this setup, npm doesn't give me any errors, because the modules name are different, now what left to do is to require the dev package in development instead the main one.
I found the module-alias package, it allows you to use alias names for paths you want to require.
In your app.js file at the very beginning you need to add this code:
if (process.env.NODE_ENV === 'development') {
const moduleAlias = require('module-alias');
moduleAlias.addAlias('module-name', 'module-name-dev');
}
From now on, every time you require the module-name module, you will actually get the module-name-dev in development.
In production you shouldn't install the devDependencies, and the alias will not work, so no extra steps needed to change between the 2.
Working with webpack
If you are using webpack, you do not need the module-alias, you can add alias to the webpack config using webpack-chain like this:
chainWebpack: (config) => {
if (process.env.NODE_ENV === 'development') {
config.resolve.alias
.set('module-name', 'module-name-dev');
}
},

package.json add "npm install -g" to scripts preinstall

When writing package.json:
"scripts": {
"preinstall": "npm install -g grunt-cli"
},
"devDependencies": {
"async": "^0.9.0",
"grunt": "^0.4.5",
"grunt-contrib-connect": "^0.9.0",
"grunt-contrib-cssmin": "^0.10.0",
"grunt-contrib-jshint": "^0.10.0",
"grunt-contrib-uglify": "^0.6.0",
"grunt-contrib-watch": "^0.6.1",
"jit-grunt": "^0.9.0",
"marked": "^0.3.2",
"time-grunt": "^1.0.0",
"underscore": "^1.7.0"
}
And then running the command npm install
It works on some computers but on some I get this error:
http://pastebin.com/rYUwhV5k
Is it proper use of the package.json?
Is there any other way to do it?
How can I fix the problem that occurs on the other computers?
According to the npm documentation "NOTE: INSTALL SCRIPTS ARE AN ANTIPATTERN"
https://docs.npmjs.com/misc/scripts
In your case, probably best to just add in the readme.md that you need to have grunt installed to run the tests (and let the user decides how to install it)

Resources