How do I stop meteor from doing npm updates? - node.js

Every day when I run meteor for the first time, meteor goes out to the internet to check for updates in the npm packages.
If I don't have internet connection, I can't run meteor. This kills my productivity. I would like to force this update to not run so I can work.
My command line is:
NODE_OPTIONS=--debug meteor
The output is:
=> Started proxy.
=> Started MongoDB.
npm: updating npm dependencies -- github, colors, aws-sdk, moment, string, urlify, sendgrid, airbrake...
iron-router: updating npm dependencies -- connect...
meteor-collection-management: updating npm dependencies -- mongodb...
kadira: updating npm dependencies -- debug, usage...
Now here is the additional puzzlement. My package.json explicitly specifies the versions of the npm packages.
more packages.json
{
"github": "0.1.15",
"colors": "0.6.2",
"aws-sdk": "2.0.0-rc13",
"moment": "2.5.1",
"string": "1.8.0",
"urlify": "0.3.5",
"sendgrid": "1.0.2",
"airbrake": "0.3.8"
}
The list and versions haven't changed in ages. npm should have no reason to go to the web - it has local copies of the specified versions already.
Now of course there is a possibility that this update is triggered by a sub-dependency - which is why I would like to do:
Force an offline mode when running meteor
AND/OR tell npm to resolve all dependencies completely - so that it does not think it needs to do an update.
UPDATE: I am sort of working around this problem with https://www.npmjs.org/package/sinopia
These related? issues are also showing up on startup:
Package.on_test runs even when not testing
Why does Meteor-Npm keep trying to get a package from the internet

Related

Unable to fix npm vulnerabilities

I am getting 6 vulnerabilities after running npm audit report:
I tried a solution and overridden the vulnerable versions of a particular package with their latest versions in package.json file like this:
"overrides": {
"nth-check": "2.1.1",
"#svgr/webpack": "6.5.1",
"#svgr/plugin-svgo": "6.5.1",
"svgo": "3.0.1",
"css-select": "5.1.0"
}
Then I updated the npm packages with npm update. But it did not change the result.
Tried another solution by making a resolution object in package.json and specified specific versions of a particular package, and ran it using npx i npm-force-resolutions but it gives this error:
npm ERR! could not determine executable to run.
But I am still unable to fix the npm vulnerabilities. Please help!
You should delete both node_modules and package-lock.json before launching npm install again; this will require more time to install all dependencies, but this will override all the version that are currently installed (it will bring also minor updates in dependencies).
Also, for this vulnerability, you only need to override nth-check. You can see the changes by executing npm list nth-check with and without the override (remember to delete both node_modules and package-lock.json).

npm install stuck on "checking installable status"?

I have recently updated a project where the last udpate was about a month ago, but failed to deploy to the server. After some investigation, it is because it is stuck in npm install, or more precisely, stuck at a line saying
This sutck happens on different package when trying on different machine, so it seems to be related to npm instead of any package.
I have made no changes to the package.json, only on some other javascript files. Also, the last deploy was about a month ago. In other words, the npm install can be run without problem last month.
This problem can be replicated by copying the package.json file to an empty folder and run npm install. The package.json file:
{
"private": true,
"devDependencies": {
"gulp": "^3.9.1",
"laravel-elixir": "^6.0.0-14",
"laravel-elixir-webpack-official": "^1.0.2",
"node-sass": "^4.5.3"
},
"dependencies": {
"eventemitter3": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-1.2.0.tgz"
}
}
I am using node 11.15.0, npm 6.7.0 through nvm. As it is a running project on live, upgrading or downgrading node and npm version is not an option without some careful planning, and seems to be an overkill at the moment.
For reference, I noticed that there is an outage in npmjs registory recently, but it seems to be fixed, so I am not sure if it is related. Have anyone had similar problem recently? Or any suggestion on how to solve this problem?

Unable to resolve module `react/lib/ReactComponentTreeHook`

I'm attempting to upgrade React Native and I'm running into the following:
error: bundling: UnableToResolveError: Unable to resolve module `react/lib/ReactComponentTreeHook` from `/Users/anthony/dev/apptova-react/node_modules/react-native/Libraries/Performance/Systrace.js`: Module does not exist in the module map or in these directories:
/Users/anthony/dev/apptova-react/node_modules/react-native/node_modules/react/lib
, /Users/anthony/dev/apptova-react/node_modules/react/lib
I'm so confused. I can't find any library named ReactComponentTreeHook in node_modules, anywhere.
I've tried removing the node_modules folder and reinstalling, nada. I've also cleared watchman watches and reset the packager cache.
EDIT: I kept running into issues that seemed to stem from react-native-maps so I so I reset back to a working stable version, uninstalled react-native-maps, and ran react-native-git-upgrade (again).
Now I'm getting:
error: bundling: UnableToResolveError: Unable to resolve module `react/lib/ReactDebugCurrentFrame` from `/Users/anthony/dev/apptova-react/node_modules/react-native/Libraries/Renderer/src/renderers/shared/stack/reconciler/ReactCompositeComponent.js`: Module does not exist in the module map or in these directories:
/Users/anthony/dev/apptova-react/node_modules/react-native/node_modules/react/lib
, /Users/anthony/dev/apptova-react/node_modules/react/lib
I'm just trying to latest, my package.json dependencies are simple so I don't think its conflicts with a third-party code base:
"dependencies": {
"react": "15.4.1",
"react-native": "^0.43.1",
"react-native-drawer": "^2.3.0"
},
"devDependencies": {
"babel-jest": "18.0.0",
"babel-plugin-transform-flow-strip-types": "^6.21.0",
"babel-preset-react-native": "1.9.1",
"deepmerge": "^1.3.2",
"flow-bin": "^0.37.4",
"jest": "18.0.0",
"react-test-renderer": "15.4.1"
},
Again, went throught the process of clearing watchman watches, node modules, reseting package manager and still get this error.
EDIT 2: After spending two solid days of trying to get this working I created a new blank project and migrated my code over.
Make sure version in your package.json file is the version you want.
For example, "react-native: ^0.43.3" is not same as "react-native: 0.43.3".
Clean up and re-install everything.
If the error still there, then try to install react-native-git-upgrade
$ npm install -g react-native-git-upgrade
and then run
$ react-native-git-upgrade x.y.z(version you want to upgrade to)
for me it works.
If your version is too old, then you should follow the old version document to upgrade.
This could also happen if you don't have the correct version of react required by the version of react-native. If this is the case, you would get a warning like this when you run npm install.
npm WARN react-native#0.43.4 requires a peer of react#16.0.0-alpha.6 but none was installed.
To fix this problem, stop the react packager and upgrade the version of react by running the following command
npm install -save react#16.0.0-alpha.6
Now, re-run the app and hopefully the issue would go away.
I think recently many of the modules under react/lib were moved to react-dom/lib, which is why the packager can't find some modules
I followed following steps and it's working
• Deleted node_modules folder
• Replaced ^16.0.0-alpha.6 with "react": "16.0.0-alpha.3"
• npm install
• react-native run-android

"npm install" installs all dependencies in node_modules directory, instead of having them nested

I need to know if the following behavior is normal.
When I npm install, each package from my package.json and the dependencies, don't get installed nested anymore, but each dependency is installed in the node_modules directory. That makes my node_modules directory blown and look like this:
This happened since I updated npm and node.
Now I run:
npm -v 3.3.6
node -v 4.2.1
python 2.7
windows 7
wamp
My package.json file looks like this:
{
"private": true,
"devDependencies": {
"gulp": "^3.8.8"
},
"dependencies": {
"laravel-elixir": "^3.0.0",
"bootstrap-sass": "^3.0.0"
}
}
It's the standard laravel package.json file.
Is there a way to have nested directories again, because I don't like such a blown article with over 100 sub directories.
Update: As Erik Pukinskis mentioned in the comments:
As of npm 3.5, support for --legacy-bundling has been dropped.
Yes, there is a way to have nested directories again by changing npm's (version 3 as of this writing) default behaviour:
Delete the currently present node_modules folder.
Tell npm to install with legacy bundling for this one install:
npm install --legacy-bundling
A "permanent" alternative:
Set your npm config to always use legacy bundling...
npm set legacy-bundling=true
.. and run as usual:
npm install
Note: fetching dependencies with legacy bundling will take a lot more time because many several different versions of the same dependencies will be installed.
Disclaimer: As a non-Windows user I have no need for flat dependencies and want to find self-declared dependencies with ease in favour of automatic deduping. Since installing npm dependencies without legacy bundling already takes an incredible amount of time I'm usually willing to spend those extra minutes install time. It gets back down to 5 directories from previously 700+ (...) in a Laravel Elixir setup with bootstrap (non-sass), font-awesome and jquery added.
That's the new behavior of npm 3 as per this npm blog.

nodejs project dependencies synchronization

I am creating a nodejs project and wish to have same library versions used across dev, qa, staging and production environment.
Tried package.json but was unable to find good help. Need some suggestion here.
EDITED
{
"dependencies": {
"ioredis": "1.7.5",
"redis": "0.12.1",
"redis-hash": "0.0.4",
"debug": "*"
}
}
Specify your dependencies using the exact versions in the package.json file, and when you run npm install it will get the proper versions of all your dependencies.
If you don't specifiy an exact version for the libraries, there's a chance that there's a new version since the last time you ran the command, you will end up with different versions of your libraries on your servers, which might not be what you want.
NPM has an outdated command which will list all the dependencies that have fallen behind and need to be updated. You can then run npm install.

Resources