npm: how to install the right package on naming conflicts? - node.js

I wanted to install this package: https://github.com/react-native-fellowship/react-native-navbar:
npm i react-native-navbar --save
But I've got another, outdated package from another source https://github.com/malkomalko/react-native-navbar:
$ npm list | grep navbar
├── react-native-navbar@1.5.0
│ ├── react-native-navbar@1.1.7 (git://github.com/malkomalko/react-native-navbar.git#fe3d9ed0c717e5304188e22f86ff63f0e029919f)
The first one, which I wanted to install, is a fork of the second, older one.
I already tried to update with "npm update" and I also tried to install a specific version with "npm i react-native-navbar@1.5.0", but it remains the same.
How to deal with such naming conflicts?

I found the root cause. One of my dependencies declared the "wrong" package as a dependency:
"dependencies": {
  "react-native-navbar": "malkomalko/react-native-navbar",
  "react-native-tabs": "malkomalko/react-native-tabs"
}

Related

shell-quote 1.7.2 vulnerabilities - unable to fix it using force resolutions

I have a nextjs app which has "next": "^10.2.0". It in turn has shell-quote as a transitive dependency and the version installed is 1.7.2, which has some critical security vulnerabilities. I have to fix this for now, and shell-quote version 1.7.3 does not have these vulnerabilities. So I added this
"preinstall": "npx npm-force-resolutions"
and
"resolutions": {
  "shell-quote": ">=1.7.3"
}
in package.json.
But it still gives me the error and when I check npm ls shell-quote, I see that
├─┬ @storybook/react@6.4.9
│ └─┬ react-dev-utils@11.0.4
│   └── shell-quote@1.7.2
└─┬ next@10.2.3
  └─┬ @next/react-dev-overlay@10.2.3
    └── shell-quote@1.7.2 deduped
Does this mean next@10.2.3 cannot have shell-quote 1.7.2? Can this issue be fixed for now without a nextjs upgrade?
You don't need to use resolutions as you are not changing the package but only the version of it. Override is fine here. So, add the following code block to package.json:
"overrides": {
  "react-dev-utils@11.0.4": {
    "shell-quote": "1.7.3"
  },
  "@next/react-dev-overlay@10.2.3": {
    "shell-quote": "1.7.3"
  }
},
Now remove node_modules with rm -rf node_modules. Then, you have two options:
Remove package-lock.json completely. This way, you'll lose locked versions for your other packages too.
Or, open package-lock.json and remove all entries with react-dev-utils, node_modules/react-dev-utils, @next/react-dev-overlay, node_modules/react-dev-overlay, shell-quote and node_modules/shell-quote. This way, you'll keep locked versions for other packages.
Then run npm install; when you run npm list shell-quote, you'll see all packages use it with v1.7.3.
Since npm install will edit your package-lock.json for this change, you will have a complete package-lock.json and won't have to edit it next time you run npm install.
I've been editing our repository to get rid of vulnerabilities in this way and it works fine. I've used this answer from another SO question.
Of course, you have to make sure that these versions are compatible with each other. Because with overrides, npm does not do any checking for the versions, you force it. For example, you have to make sure that react-dev-utils@11.0.4 can work with shell-quote@1.7.3. In minor version upgrades, libraries generally work the same as before, but it doesn't always have to be this way.

Running npm ls <package name> after npm update doesn't show updated version?

I have done the following steps.
1- npm install
2- npm ls c - this gave me a dependency tree showing a particular version of package c, say 1.4.1
└─┬ a@1.4.0
  └─┬ b@0.13.0
    └── c@1.4.1
3- npm update c --depth=100
c@1.4.8
added 1 package from 1 contributor, updated 3 packages and audited 69 packages in 2.112s
found 3 low severity vulnerabilities
run npm audit fix to fix them, or npm audit for details
4- npm ls c
└─┬ a@1.4.0
  └─┬ b@0.13.0
    └── c@1.4.1
This is still showing the old package, but when I verified in node_modules I see version 1.4.8.
What can I do to make npm ls report the updated dependency tree?
Looks like I inadvertently left package-lock.json in place; after removing package-lock.json, running npm ls gave the correct dependency tree.

Unmet Peer Dependency (WebPack)

Anybody knows why I am still having a missing dependency error, even though it clearly shows the correct version of webpack is already installed below?
When I ran npm start:
There might be a problem with the project dependency tree.
It is likely not a bug in Create React App, but something you need to fix locally.
The react-scripts package provided by Create React App requires a dependency:
"webpack": "4.41.5"
Don't try to install it manually: your package manager does it automatically.
However, a different version of webpack was detected higher up in the tree:
When I run npm ls webpack, it gives me:
Chelseas-MacBook-Pro:website-expo-2018-master ipchelsea$ npm ls webpack
uwbce@0.1.0 /Users/ipchelsea/Desktop/website-expo-2018-master
├─┬ react-loading-screen@0.0.17
│ └── webpack@2.7.0
├─┬ react-scripts@3.4.0
│ └── webpack@4.41.5
└── webpack@4.41.6
You missed out the steps you took to get here. You did something, or missed something out in the steps you did to end up where you are now.
You should delete node_modules, then do npm i, and see if that correctly installs the packages.
Also, add the contents of your package.json file to the question. You need to have one in the root of this project.
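As an added example (not code from any of the posts above), the following Node script walks the tree that `npm ls --all --json` prints, which is the JSON form of the `npm ls shell-quote` and `npm ls webpack` output shown earlier, and reports which parent still pins an outdated version of a package (these are the keys an "overrides" entry has to name) and which distinct versions are installed at once. The `pkg` helper and the sample tree are constructed here from the shell-quote question; nothing is fetched from npm.

```javascript
// Added example, not code from any post above: trace every path in the JSON
// that `npm ls --all --json` prints to a given package, so an outdated or
// duplicated transitive version can be tied to the dependency declaring it.
const pkg = (version, dependencies = {}) => ({ version, dependencies });

// Constructed to mirror the `npm ls shell-quote` tree in the question above.
const SAMPLE_TREE = pkg("1.0.0", {
  "@storybook/react": pkg("6.4.9", {
    "react-dev-utils": pkg("11.0.4", { "shell-quote": pkg("1.7.2") }),
  }),
  next: pkg("10.2.3", {
    "@next/react-dev-overlay": pkg("10.2.3", { "shell-quote": pkg("1.7.2") }),
  }),
});

// Numeric comparison of dotted versions ("1.10.0" > "1.9.9"); prerelease tags
// are not handled, which is enough for the pinned versions npm ls prints.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Every occurrence of `target`, with the chain of parents that led to it.
function findPackage(tree, target, chain = []) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = [...chain, `${name}@${node.version}`];
    if (name === target) hits.push({ chain: here, version: node.version });
    hits.push(...findPackage(node, target, here));
  }
  return hits;
}

// Parents still pinning `target` below `minVersion`; the last element of each
// chain is the key an "overrides" entry has to name (e.g. "react-dev-utils@11.0.4").
function outdatedVia(tree, target, minVersion) {
  return findPackage(tree, target)
    .filter((h) => compareVersions(h.version, minVersion) < 0)
    .map((h) => ({ via: h.chain.slice(0, -1).join(" > "), version: h.version }));
}

// Distinct installed versions, to spot duplicates like webpack 2.7.0 / 4.41.5 / 4.41.6.
function distinctVersions(tree, target) {
  return [...new Set(findPackage(tree, target).map((h) => h.version))].sort(compareVersions);
}
```

To run it against a real project, replace SAMPLE_TREE with `JSON.parse(require("child_process").execSync("npm ls --all --json"))` and call `outdatedVia(tree, "shell-quote", "1.7.3")`.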

grunt: command not found

npm knows that grunt is installed globally, so why isn't it found?
$ npm install -g grunt
... installs ...
$ npm list -g | grep grunt
│ ├─┬ gruntfile-editor@0.2.0
│ ├─┬ gruntfile-editor@0.2.0
├─┬ grunt@0.4.5
│ ├─┬ grunt-legacy-log@0.1.1
│ ├── grunt-legacy-util@0.2.0
$ grunt
-bash: grunt: command not found
I assume because it's put it somewhere that is not on my PATH.
Why doesn't npm just put it somewhere that is on my PATH by default, like /usr/local/bin?
UPDATE: Weirdly, I get the same grunt: command not found error even after I do npm install grunt to run it locally. What am I doing wrong? There is a Gruntfile.js in my repo.
The package "grunt" is the task runner itself whereas the "grunt-cli" package is the command line interface that includes the grunt executable. You can make sure that it is installed to the correct path.
If you do npm install grunt-cli it still would not work, because this would be installed to node_modules in the corresponding directory, which is most likely not on your path. However, when you use grunt from the globally installed CLI tool, it will look for an installation of grunt that is local to that project as well as the Gruntfile.js.
What you have to do is:
install grunt-cli globally:
$ npm install grunt-cli -g
install grunt local in your dependencies (optionally save the dependency to your package.json):
$ npm install grunt --save
For me there was another thing missing: adding the path to npm's folder to the Windows environment variables.
Go to System (My computer->Properties)
Advanced System Settings
In Advanced tab, 'Environment Variables'
Under User variables, choose Path, then Edit
Add this alongside the others you have: '%USERPROFILE%\AppData\Roaming\npm'
Hope this helps, g'luck

`npm install <folder>` doesn't behave the same as `cd <folder> && npm install`

I have a source tree like this:
myapp
├── nodestuff1
│   └── package.json
└── nodestuff2
    └── package.json
nodestuff1/package.json includes this:
"prepublish": "npm install ../nodestuff2"
nodestuff2/package.json includes this:
"devDependencies": {"uglify-js": "2.3.x"}
My workflow is supposed to be cd myapp/nodestuff1 && npm install, which should first install nodestuff2 followed by nodestuff1. However...
running npm install in myapp/nodestuff2 installs devDependencies, whereas
running npm install ../nodestuff2 does not install devDependencies.
For now I changed the prepublish script to cd to nodestuff2 and run npm install there, then cd back to nodestuff1 and run npm install ../nodestuff2 so that it gets copied to nodestuff1/node_modules.
Is this a bug? Is there a better solution?
First, understand that the semantics of "cd someproject && npm install" means "install someproject's dependencies and devDependencies so I can run it and/or develop it" as opposed to "npm install ../someproject" which means "install someproject in the current directory so I can use it from my project or from the repl", which does not install devDependencies. These make sense to me personally but that may or may not be intuitive to you, but in either case, that's how npm works.
Now, for your packages, if I understand what you are trying to do, it is to pre-bundle nodestuff2 within nodestuff1 when you publish it to npm. Don't do that. Instead, just list nodestuff2 as a dependency of nodestuff1 in nodestuff1/package.json. Are you trying to do something unusual here? If you provide the larger context of what you are trying to accomplish, it will be easier for people to post answers. My impression is you are working against the grain of npm, but you haven't provided enough context for me to really assess what you are doing.