How to fix webpack-pwa-manifest vulnerability? - javascript

How to fix webpack-pwa-manifest#4.2.0 and minimist vulnerability. I tried by deleting node/modules and package-lock.json and do a fresh npm install but I have the same issue, any feedback is really appreciated.
Attached screenshots.

Actually, the issue is on minimist (webpack-pwa-manifest submodule), and it's on version 0.0.8. You can install the newest version of this module using resolution on package.json until the webpack-pwa-manifest update this module...
To add this resolution you just need to add this on you package.json:
"resolutions": { "minimist": ">=1.2.3" }
And run:
npx npm-force-resolutions && npm install

Related

'react-scripts' is not recognized as an internal or external command

I've got a maven project, within which is JavaScript project cloned as a git sub-module. So the directory structure looks like mavenapp/src/main/javascript/[npm project files]
Inside my package.json, the test looks like this:
"test": "react-scripts test --env=jsdom",
but when I try to run npm test, it says
'react-scripts' is not recognized as an internal or external command,
Interestingly, when I clone the javascript project independently I don't get this error. I've tried re-running npm install.
NPM version: 5.5.1
Node.js version: 9.3.0
It is an error about react-scripts file missing in your node_modules/ directory at the time of installation.
Check your react-script dependency is avaliable or not in package.json.
If not available then add it manually via:
npm install react-scripts --save
If react-scripts is present in package.json, then just type this command
npm install
If react-scripts is not present in package.json, then you probably haven't installed it. To do that, run:
npm install react-scripts --save
Try:
rm -rf node_modules && npm install
Wiping node_modules first, often tends to fix a lot of weird, package related issues like that in Node.
Running these commands worked for me:
npm cache clean --force
npm rebuild
npm install
In my situation, some problems happened with my node package. So I run npm audit fix and it fixed all problems
2023 answer: simply remove node_modules folder and run
npm install
or:
yarn
(depends on you're using npm or yarn)
it worked for me!
no need to do more!!!
It waste a lot of my time until I discover this, I got headache...
Faced the same problem, although I am using yarn.
The following worked for me:
yarn install
yarn start
To avoid this issue to re-occur or you face this issue whenever anyone downloads your project fresh.
It's better to add this in dev dependencies using this command:
npm install react-scripts --save-dev
It will get added like this.
"devDependencies": {
"react-scripts": "^4.0.3"
}
Do Commit and push your code.
Running the npm update command solved my problem.
To rectify this issue follow the following steps
run npm install
then run npm start
This worked fine for me
For Portable apps change
package.json
as follows
"scripts": {
"start": "node node_modules/react-scripts/bin/react-scripts start",
"build": "node node_modules/react-scripts/bin/react-scripts build",
"test": "node node_modules/react-scripts/bin/react-scripts test",
"eject": "node node_modules/react-scripts/bin/react-scripts eject"
}
react-scripts should be listed as a dependency when you run npx create-react-app your-app, but for some reason, it gets this error. I will list some steps that I followed that may help you fix this error:
First, check at your React package.json if there is react-scripts or not:
for example, you should see:
"dependencies": {
...
"react-scripts": "4.0.3",
...
},
If it's already there, now try to re-install your dependencies with npm i
If you still get the same error, try to remove your node_modules with rm -rf node_modules/, then re-install your dependencies with npm i
BUT if the package react-scripts wasn't in your package.json file, you should install it by your package manager like:
npm i react-scripts
then try to start your app with npm start
This is how I fix it
Check and Update the path variable (See below on how to update the path variable)
Delete node_modules and package-lock.json
run npm install
run npm run start
if this didn't work, try to install the nodejs and run repair
or clean npm cache npm cache clean --force
To update the path variable
press windows key
Search for Edit the system environmental variable
Click on Environment Variables...
on System variable bottom section ( there will be two section )
Select Path variable name
Click Edit..
Check if there is C:\Program Files\nodejs on the list, if not add this
I uninstalled my Node.js and showed hidden files.
Then, I went to C:\Users\yourpcname\AppData\Roaming\ and deleted the npm and npm-cache folders.
Finally, I installed a new version of Node.js.
I faced the same issue. I solved it using npm audit fix --force
I had the same issue. I did everything which suggested here. but nothing worked. I had installed react-scripts in my node_modules also used cache but all in vain. then I just npx create-react-app and moved all my code into this new folder and all worked.
npx create-react-app myapp
As for me i managed to fix this issue by install this :
npm audit fix --force
and it work after that.
This is not recommended, so plz don't down arrow, but for troubleshooting..
react-scripts is not recognized as an internal or external command is related to npm.
I would update all of my dependencies in my package.json files to the latest versions in both the main directory and client directory if applicable.
You can do this by using an asterisk "*" instead of specifying a specific version number in your package.json files for your dependencies.
For Example:
"dependencies": {
"body-parser": "*",
"express": "*",
"mongoose": "*",
"react": "*",
"react-dom": "*",
"react-final-form": "*",
"react-final-form-listeners": "*",
"react-mapbox-gl": "*",
"react-redux": "*",
"react-responsive-modal": "*",
}
I would then make sure any package-lock.json were deleted and then run npm install and yarn install in both the main directory and the client directory as well if applicable.
You should then be able to run a yarn build and then use yarn start to run the application.
Use git bash or windows cmd with admin rights to run npm install while fixing this issue, running these commands inside the editor's terminals doesn't help.
first run:
npm ci
then:
npm start
In my case, the problem had to do with not having enough file permissions for some files the react-scripts package installation was going to write to. What solved it was running git bash as an administrator and then running npm install --save react-scripts again.
I have tried many of the solutions to this problem found on line, but in my case nothing worked except for reinstalling NVM for Windows (which I am using to manage multiple Node versions). In the installer, it detects installed Node versions and asks the user if they wish for NVM to control them. I said yes and NVM fixed all PATH issues. As a result, things worked as before. This issue may have multiple causes, but corrupted PATH is definitely one of them and (re)installing NVM fixes PATH.
This is rather old question but this might be of some help for future reference. Delete node_modules folder and run npm install again. Worked for me.
In my case , I edited my files on Linux where I had node v14.0.5 installed, when I rebooted to Windows where I had node v14.0.3 I got the same error. So I updated the node version on windows and all went fine for me.
had similar issue.. i used yarn to fix it.
i noticed that react-scripts was not found in my node modules so i decided to download it with npm but i seem to be failing too. so i tried yarn ( yarn add react-scripts) and that solved the nightmare! Hope this work for you as well. Happy debuging folks.
For me, I just re-installed the react-scripts instead of react-scripts --save.
Started getting this error in Azure DevOps yesterday out of nowhere when running npm run build:
'react-scripts' is not recognized as an internal or external command, operable program or batch file.
However when looking at npm ci that completed it was full of errors like:
FetchError: Invalid response body while trying to fetch
https://registry.npmjs.org/#babel%2fcompat-data: ENOENT: no such file
or directory, lstat
'D:\a\1.npm_cacache\content-v2\sha512\58\0b\dc7dce0b33e86d97736b3c419005951e32af28dda3f5b8c746f16d53d4baed1dc2fd2493e9310f744696008400bf8c91ca84f9fb3ebf541ba93a541b144a'
When commenting out the cache everything started working again:
npm_config_cache: $(Pipeline.Workspace)/.npm
- task: Cache#2
inputs:
key: 'npm | "$(Agent.OS)" | $(clientApp)\package-lock.json'
restoreKeys: |
npm | "$(Agent.OS)"
path: $(npm_config_cache)
displayName: Cache npm
The weird thing is that it has worked for over a year up until yesterday (2021-12-02) and we use the exact same code for caching as Microsoft has documented.
https://learn.microsoft.com/en-us/azure/devops/pipelines/release/caching?view=azure-devops#nodejsnpm
Noting Degraded or Unhealthy on Azure DevOps Status
https://status.dev.azure.com/
I had the same problem and I tried the above thing, but that did not work some how. So,
I just typed yarn. And it went.
When I make a new project using React, to install the React modules I have to run "npm install" (PowerShell) from within the new projects ClientApp folder (e.g. "C:\Users\Chris\source\repos\HelloWorld2\HelloWorld2\ClientApp"). The .NET core WebApp with React needs to have the React files installed in the correct location for React commands to work properly.
This worked for me:
Go to the project folder in CLI and type npm install.Go for a similar command if
using yarn etc.
Then type npm start if you are using Npm. Go for a similar command if using yarn
etc.
The file starts working

Is it possible to generate a `yarn.lock` file without installing the packages?

I need to generate a yarn.lock file from my package.json but I want to avoid node_modules creation. Is it possible?
EDIT: Please check the comment below for a solution without the need for any additional package thanks to #talon55 : npm install --package-lock-only; yarn import
Old answer:
This is actually one of the few features that NPM has (npm install --package-lock-only) and Yarn does not support.
It is a heavily requested feature as you can tell from these 2 open Github issues: 5738 and 2340
I stumbled upon the command yarn generate-lock-entry documented in here but it definitely does not do what we are looking for.
The workaround I would suggest is generating an NPM lock file and converting it to a yarn.lock file using synp:
npm install -g synp
npm install --package-lock-only
synp --source-file package-lock.json
Please note that Synp requires the the packages to be installed and that the node_modules is rightly populated. This may, or may not be, a problem to your use case.
Available since yarn v3.0.0-rc.10
yarn install --mode update-lockfile
yarn generate-lock-entry > yarn.lock

npm install the exact package version specified in package.json

Currently, If I run npm install, it installs the updated version of already installed packages. How can I install the exact version as specified in the package.json file?
By default npm installs packages using ^ which means any version in the same major range, you can switch this behaviour by using --save-exact
// npm
npm install --save --save-exact react
// yarn
yarn add --exact react
I created a blog post about this if anyone is looking for this in the future.
https://www.dalejefferson.com/articles/2018-02-04-how-to-save-exact-npm-package-versions/
That behavior is really driven by the one specifying the versions in the package.json. If the version number looks like "1.0.0", without any other symbols, the exact version (1.0.0) should be installed.
So what you could do is simply modify the package.json and run a npm install then. Be sure to clear out the node_modules directory before you do that.
https://docs.npmjs.com/files/package.json#dependencies
You can also open package.json and change value for the package you want to remain exact. From "vue": "^2.6.10" to "vue": "2.6.10". Notice the lack of ^ sign in front of the version number.

Ionic Js - Error after update Node to 4.1.1 (Windows)

I've just updated Node to 4.1.1 version, now i get this error with Gulp:
Error: libsass bindings not found. Try reinstalling node-sass?
Can't find a solution. I've failed with:
Removing node_modules and reinstalled it with npm install.
Installing nvmw.
Downgrading Node to 0.10.38
npm rebuild node-sass
npm install node-sass
I really don't know what to do now.
Rename/delete folder node_modules in project folder
In file project_name/package.json, rewrite:
"dependencies": {
...
"gulp-sass": "^2.0.0",
Run again
ionic setup sass
Perhaps try npm rebuild node-sass. If that doesn't work check/remove/update module version numbers. Also the n module/cli could be useful.

How to set package latest version in Bower?

I was watching this nice video about requirejs, backbone and bower and something does not work for me. How can I set latest version of package in bower.json file? In video Jeff says that null should be used to define latest version like this
{
"name": "project name",
"version": "1.0.0",
"dependencies": {
"backbone-amd": null,
"underscore-amd": null,
"requirejs": null
}
}
But I have an exception in console that I can't use null value as version number. I couldn't find any info at bower wiki. Does anybody know how to solve this?
If you are using bower version 1.2.x, this should work:
{
"name": "project name",
"version": "1.0.0",
"dependencies": {
"backbone-amd": "latest",
"underscore-amd": "latest",
"requirejs": "latest"
}
}
You can use the latest keyword when installing a package. Be aware that you can get some dependencies issues :
bower install --save font-awesome#latest
bower font-awesome#4.1.0 not-cached git://github.com/FortAwesome/Font-Awesome.git#4.1.0
bower font-awesome#4.1.0 resolve git://github.com/FortAwesome/Font-Awesome.git#4.1.0
bower font-awesome#4.1.0 download https://github.com/FortAwesome/Font-Awesome/archive/v4.1.0.tar.gz
bower font-awesome#4.1.0 extract archive.tar.gz
bower font-awesome#4.1.0 resolved git://github.com/FortAwesome/Font-Awesome.git#4.1.0
There is a -F flag that can go even further:
-F, --force-latest Force latest version on conflict
I have found an easy alternative, instead of updating manually, you could use one command:
First install this:
npm install -g bower-check-updates
Then run the bcu to check for the updates
After check, bcu -u to upgrade your bower.json and its done!
More details and source:
bower-check-updates - is totally clone of npm-check-updates, but it
updates bower.json dependencies (bower-check-updates updates
bower.json).
Source: https://www.npmjs.com/package/bower-check-updates
That should work.
Make sure you are running the latest version of Bower. I am currently running v1.2.6 and null works to fetch the latest dependency.
$ bower -v
If you have installed bower globally via npm, then you can update it this way:
$ npm update bower -g
Note: you may need to run that as sudo depending on your file permissions.
Hope this helps.
npm install -g npm-check-updates
npm-check-updates --packageManager bower
source: https://www.npmjs.com/package/bower-check-updates

Categories