Using specific version of npm shrinkwrap - javascript

I am deploying my node.js app to Appfog but since their install script cannot parse npm-shrinkwrap.json the whole deploy process fails.
An example dependency in shrinkwrap.json today looks like this
"async": {
"version": "0.2.10",
"from": "async#0.2.10", <--- This line breaks install script at appfog
"resolved": "https://registry.npmjs.org/async/-/async-0.2.10.tgz"
},
I went through the whole shrinkwrap file and removed the "from" part from each dependency declaration and i managed to upload my application, and it works.
So my question is , how do i use an older version of npm shrinkwrap so i can get the version of shrinkwrap.json that i need?
Appfog support told me i need to use version 1.1.21 but i have not succeeded in installing it.
Please ask if some info is missing.

if you just want to use an older version of npm, you can install it via npm (i know that sounds strange, but its possible)
npm install npm#1.1.21
edit: so you try to install a version of npm which does not exist. just run
npm view npm
and take a look at the property version, to see which versions you could install via npm.
you will see that 1.1.21 does not exist in the registry, which means that you should try to install it via github (see answer by #sakai).
but then you see the next problem. you are using node#0.10.26, and npm 1.1.21 is probably not compatible with node#0.10.x.
so i for myself see basically 2 possible solutions:
Solution 1:
use n (or maybe nvm for switching node-versions back and forth. you could try to install a node#0.8.x version and try to install npm#1.1.21 there, and when done with shrinkwrapping switch back to your current node version.
Solution 2
you could setup some kind of grunt/gulp-task (i hope you use one of them) to run grunt/gulp shrinkwrap, which generates your shrinkwrap.json (via npm shrinkwrap) and when done cleans up your shrinkwrap.json

Try this:
npm install https://github.com/npm/npm/archive/v1.1.21.tar.gz
node ./node_modules/npm/bin/npm-cli.js shrinkwrap

Another—possibly simpler—solution is to just include node_modules into your repo.
Related: Should I check in node_modules to git when creating a node.js app on Heroku?

Related

How to make NPM package manager refer to my version of a library?

I want to make a bug fix in an NPM library.
How to make my software using package.json to refer to my version of the library (probably a directory on my disk with the library) rather than to the "standard" version of the library from npmjs.org, so that I would be able to debug my version of the library?
You just need to run npm install like you normally would. The only difference is that instead of doing npm install <package-name>, you're going to do npm install /path/to/local/package
Here's an article explaining in more detail

npm install: Verfication failed while extracting

READ BEFORE ANSWER: I've already solved this issue. It was a caching issue on the npm servers. Everything works fine after switching to GitHub packages. I've already accepted my own answer.
I have a project, which I want to deploy to elastic beanstalk but sometimes the deploy fails on the npm install script with the following message:
npm ERR! code EINTEGRITY
npm ERR! Verification failed while extracting #my-package#^1.2.0:
npm ERR! Verification failed while extracting #my-package#^1.2.0:
npm ERR! sha512-lQ...HA== integrity checksum failed when using sha512: wanted sha512-lQ...HA== but got sha512-nH...ow==. (4835509 bytes)
It fails even on packages which are severel weeks old.
I’ve tried:
npm cache clean --force
npm cache verify
node_modules is in .npmignore
package-lock.json is in .npmignore
Writing a mail to support#npmjs.com, but they replying always with some helpless default replies without any solution or intention to help.
It fails even on new elastic beanstalk instances.
I have no idea how to solve this problem.
EDIT: I've also tried to delete the npm cache while preinstall script, but it doesn't work either.
EDIT2: My repo has no package-lock.json.
EDIT3: My .npmrc file has the following content
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
unsafe-perm=true
package-lock=false
strict-ssl=false
EDIT4: I think it wasn't clear: It's a private package on the official npm registry. And it doesn't fail always. The current publish process includes several attempts to deploy on aws instance so long as it's succeed.
Have u try to delete package-lock.json?
OR
Try to delete npm and npm-cache folders
THEN
re-run npm install
Not exactly your case, but for those who run into the "integrity checksum failed" error the following might help. But first make sure you understand what's going on. npm tells you that the checksum from https://registry.npm.org doesn't match the one from package-lock.json. Either it changed in the registry, or...
Consider a line from the output:
npm ERR!
sha512-lQ...HA==
integrity checksum failed when using sha512: wanted
sha512-lQ...HA==
but got
sha512-nH...ow==
. (4835509 bytes)
Find the package in package-lock.json by the first two integrity checksums (sha512-lQ...HA==), and put the third one (sha512-nH...ow==) into its "integrity" field.
More on it here.
It seems to be a caching issue at the npm servers. We've switched from npm to GitHub packages, everything works fine there.
It could be that the version of NPM on these instances are out of date. Could you try either: npm install -g npm
Have you made sure that when this is deployed to beanstalk that the package-lock file is not on the instance? - If you have a bad lock file it needs to be deleted and re-generated.
Short of that, would need more information as you seem to have exhausted a lot of options.
This can happen if you request a version that is not available on the registry.
With #my-package#^1.2.0 you're requesting a version between >=1.2.0 and <2.0.0. Could it be that on this registry there is only a version that is older than 1.2.0 or newer than 2.0.0? Npm will install whatever it gets and not raise an error here.
You can check the version you get in an npm install by looking into node_modules/my-package/package.json.
If this is not happening when doing a local npm install, check wether the npm registry Amazon uses is containing your my-package package.
You could try to add the official npm registry to your Beanstalk project to check if it was the Amazon npm registry that did not contain your package. See How to use a private npm registry on Elastic Beanstalk? how to do this.
It seems to be a package-lock.json issue.
As in this answer
If you have not pushed package-lock.json in your repo, it will be generated while running npm install. So it is always better to add package-lock.json in the repo to avoid inconsistent package-lock.json files across local machine and deployment machine.
Could you please try pushing a fresh package-lock.json file to the repo and try?
In my case, as razki alludes to, the version of npm/node on the build server differed significantly from the version on the developer's local computer. Updating to a close enough version got rid of this problem.
For example:
The build server had: npm/6.13.4 node/v12.14.1
The developer has:    npm/6.14.8 node/v14.15.1.
The build server now: npm/6.14.10 node/v14.15.4
It seems the different versions calculate the sha differently for the same package. This is why removing the package-lock.json file can work in this particular situation - at least for a while, until the computer with the different version tries to build the project again.
Basically its concern about npm registery, Some home npm registery has been updated to another url.
You can run below command to see npm registery
npm config get registry
It should be set it
https://registry.npmjs.org/
If its not then run below command
npm config set registry https://registry.npmjs.org/
It will set npm registery. Now you can try again for
npm i
and it will install package successfully.

`npm install` is not installing local package's sub-dependencies

I have a package (package-a) that depends on another package (package-b) which is not published to npm but is on my file system. When I run npm install from package-a, package-b's dependencies are not installed. I have to navigate to package-b's directory and run npm install manually. Is there a way to install both packages' dependencies with a single npm command?
Here's my directory structure:
/
...
shared/
...
javascript/
...
package-b/
package.json
package-a/
package.json
Per the docs, I placed the following in package-a/package.json. (I'm using npm 5+)
dependencies: {
package-b: "file:../shared/javascript/package-b",
}
When I navigate to /package-a and run npm install, it installs all of package-a's dependencies like normal and also copies the package-b directory to package-a/node_modules. This is presumably what lets me type require('package-b') instead of require('../shared/javascript/package-b') .
However, as I stated before, package-bs dependencies are not installed, so if I try to use package-a, I get an error when package-b is required because it is trying to use dependencies that do not exist locally.
Once again, to solve this, I can navigate to package-b and run npm-install, but I'm hoping there's a better solution as I may have many such sub packages and I'd like to avoid having to write a shell script to go install all my dependencies if I can do this with an npm command. (perhaps I just did something wrong and npm install should be working?)
Follow up question: when I run npm install from package-b's directory, the packages are installed there, but not in the version of package-b that got copied to /package-a/node_modules during the first npm install, yet everything still works. So now it seems like when I require('package-b') it is actually resolving to /shared/javascript/package-b and NOT /package-a/node_modules/package-b. So what's the point of copying the file in the first place?
Update
It turns out this is a bug in npm 5. It only occurrs when installing from a package-lock.json file. (Github Issue)
The files are (probably) not being copied, they're being symbolically linked (symlink). This essentially creates an alias/shortcut that looks like a real directory, but points to another path.
This is how the older npm link feature worked. The reason is the code stays "live"; Changes in the linked module are reflected whenever you run the module that's referencing them, meaning you don't have to npm update all the time.

What is the step-by-step procedure for installing any npm module with Aurelia CLI?

I wanted to install jquery and found instructions here:
http://aurelia.io/hub.html#/doc/article/aurelia/framework/latest/contact-manager-tutorial/4
I then wanted to install "moment.js" and found instructions here ( I am not using typescript) :
How to import Moment-Timezone with Aurelia/Typescript
To install both of these with the Aurelia CLI the procedure is to install the respective npm module and then to manually modify aurelia.json in some way so the app recognizes it.
In the case of moments the instructions then say to place an import at the top of app.js , but this is not the case for JQuery.
First off , is there any way the changes to aurelia.json can be automated ( like a regular node.js package.json) so I don't need to manually do it and second, how do I know what modifications I am expected to make to aurelia.json ( or app.js or any other file) for the module I want to install?
With a basic node.js app its pretty simple , just npm install. With Aurelia its much more confusing.
Edit: There is also JSPM which I've read is used for front end libraries like the ones I mentioned above. However, the links with instructions for installation that I posted are not using JSPM.
Edit
I found some of the answers here:
http://aurelia.io/hub.html#/doc/article/aurelia/framework/latest/the-aurelia-cli/6
The CLI is still under development. I think the automatic adding of a package might some day be included in the CLI itself, for example with an install command.
The extra registration is required to register the package correctly for usage with RequireJS (http://requirejs.org/). And if the plugin exists of more than just 1 file, this registration is a bit more complex then just adding the name of the plugin.
There is an experimental CLI task here https://github.com/martonsagi/aurelia-cli-pacman that will do the automation for you.
Which can be installed by running:
npm install aurelia-cli-pacman -D
The above will install the package manager and register/ include itself in the tasks in your current project (be sure to run it with install, because npm won't run the post install script if you run it the i shorthand). Next, you can run the following command to install an extension:
npm i aurelia-interactjs -S
au pacman i aurelia-interactjs
The only downside for many might be that currently there aren't that many registry entries, but I think the author of the package would be very happy if you help him out by creating a pull to extend the registry. Would take you some time to figure out what would be the correct install/ import settings, but you will help out someone else and make them happy when they hit the same problem you experience :-).
JSPM has a same sort of issue around this, only is more matured/ the registry is bigger and/ or authors added specific information for JSPM installations to their package.json. For example: To install the above plugin with JSPM it will use the following highlighted section https://github.com/eriklieben/aurelia-interactjs/blob/master/package.json#L72,L86. The same is currently not possible with aurelia-cli, because the installation is done by NPM instead of through JSPM that redirects it to NPM.
If the author of the plugin didn't specify the JSPM section in the package.json, you would most likely and up with the same sort of issues. JSPM has a similar registry (https://github.com/jspm/registry/tree/master/package-overrides/npm) as aurelia-cli-pacman.

How do you uninstall all your bower packages?

Sometimes it's useful to rebuild an entire site and force bower to reinstall new versions of all the packages in bower.json.
However, there doesn't seem to be any way of doing that:
Attempt #1:
$ bower uninstall
bower not-installed 0
Nope, that only works on a package-by-package basis, even though a clean 'bower install' uses bower.json.
Attempt #2:
$ bower install -f -l 0
$
Nope, despite '-f', this does absolutely nothing if the dependencies are met.
Attempt #3:
$ rm -r bower_components
$
! Ah victory! ... wait, what's this?
rm: bower_components: No such file or directory
Oh darn, there's a .bowrc in this project that sets the directory to install things to.
My current terrible solution:
Run custom script that:
- Parse .bowerrc if one exists
- Load the directory if one is specified in the json block
- If the directory currently exists...
- ...recursively delete the directory.
It works, I suppose, but it's pretty annoying to have to setup repeatedly.
Am I missing something?
Is there not just a simple bower command to delete the local installed modules?
Seems like really basic functionality I would expect bower uninstall to do.
(This isn't really a very javascript question, but I'll happily accept something that hooks into the bower module somehow to make this happen in a simple node script)
Context
Edit: If you want 'motivation' for such a task, it's this: We have a jenkins server that builds our projects and runs tests. However, periodically it fails for no obvious reason; investigating, it's almost always because jenkins is using a previous copy of the repository with just a git-pull to update to the most recent version before building and running tests; as a result, the previous bower_components directory is there, and it is full of cached copies of the various components.
Here a few example of things which are ##$##$'d and require bower to be run again as a forced install:
1) Some idiot (>_> fitvids) deletes the previous tagged release of a project.
2) Some project has dropped off of bower / moved its github page
3) Some project (>_> jquery) has changed the way the files are laid out in a non-major version revision.
I realize that the 'correct' solution to this problem is: fix jenkins so it creates a new temporary directory for each build. ...but that's not in my control.
So, as a build step, I need to automate a way to delete the bower components and force them to all be reinstalled; either as a grunt task (part of the build) or a jenkins build step. However, remember from (3) above, that our projects use .bowerrc, so it's not as simple as simply deleting a folder.
It would be great if I could uninstall all the existing bower components as a pre-build step to make this work.
So... back to the question: Can this be done with bower?
Updated Answer
If you're trying to update all of your packages, use
$ bower update
Original Answer
Go to your bower.json file and remove all of the components, or libraries, that you want to uninstall from devDependencies.
After you have removed the ones you want gone, execute -
$ bower prune
start with -
"devDependencies": {
"angular": "~1.2.15",
"angular-ui-router": "~0.2.10",
"moment": "~2.5.1"
}
remove angular references from file -
"devDependencies": {
"moment": "~2.5.1"
}
execute
$ bower prune
watch your angular dependencies get uninstalled
how about
edit the bower.json
'rm -Rf bower_components/*'
bower install
I was trying to upgrade to polymer 0.2.4 from 0.2.3. I can't seem to find a quick way to uninstall a set of dependencies. So I just manually removed those polymer* dir under bower_components. But for some reason bower kept remembering I had 0.2.3 installed event with bower.json modified. A 'rm -Rf bower_component/*' seems to do the tricks.
Actually I do something a little bit tricky but it works for me:
for package in $(ls your_bower_components_folder); do bower uninstall "$package"; done;
bower install
Uninstalling Packages
To remove a package you can use the uninstall command followed by the name of the package you wish to remove.
bower uninstall
It’s possible to remove multiple packages at once by listing the package names.
bower uninstall jquery modernizr sass-bootstrap
Adapting Jumar Polanco's answer to use it in Powershell, it is possible to programmatically uninstall bower components in the following way:
In the Powershell interface, navigate to the location where bower.json and the bower_components folder is located. Usually is the root app folder.
Then you can run:
foreach($package in ls bower_components){bower uninstall $package}
Depending on what the packages dependencies are, it may be required to pay extra attention to the process, as some prompts which require extra input (Y/n) to continue the process may arise (such as dependency conflicts).
I don't know what build tools you use, but if it includes Grunt with grunt-bowercopy, you could use the clean option. It removes the bower_components folder (or whatever you've configured it to use) after copying out the required files.
Ideally, I'd prefer something that didn't require me to re-download all the dependencies with each build, but just the ones where doing a fresh install would find a newer version.
I'm looking for a better solution to this as well, so I'll update if I find one.
I've been using nombom to do this (as a bonus, it also re-installs your npm packages from scratch):
https://www.npmjs.com/package/nombom
This is what ended up working for me via Windows cmd prompt:
forfiles /p .\bower_components /c "cmd /c cd .. && bower uninstall #fname"

Categories