i tried to install 'npm install --global expo-cli' and i get this error. svgo#1.3.2 this svgo is no longer supported. upgrade to v2.x.x, uuid#3.4.0 please upgrade to version 7 or higher, chokidar#2.1.8: chokidar 2 does not receive security update since 2019. i run npm audit fix --force, it said recommended protection disable and 7 packages are looking for funding
These are warns regarding libraries you are downloading from the web, don't be concerned by them, you cannot fix those issues. Just ignore it and start using expo. Everything is installed fine. Same errors appear when installing plain React project from the official source, you just need to ignore those warnings.
Related
I cloned a React/typescript package from GitHub, but cannot get it to work. When I do npm install, the compiler complains that my typescript version is too new:
WARNING: You are currently running a version of TypeScript which is not officially supported by #typescript-eslint/typescript-estree
Is there some way, I can use exactly the node and packages versions as listed in the package.json?
I've also tried npm install --legacy-pee-deps, but that wasn't fruitful either, still get the problem. Also, I tried setting npm config set save-exact true before installing packages.
Thanks!
I'm trying to create a webpage using Reactjs (for learning react js).
After I run the command npx create-react-app cars, I'm getting errors as follows:
npm WARN deprecated tar#2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
added 64 packages, and audited 107 packages in 15s
3 high severity vulnerabilities
To address all issues, run:
npm audit fix
Run "npm audit" for details.
After running npm audit, it says:
To address all issues (including breaking changes), run: npm audit fix --force
which gave the result as:
found 0 vulnerabilities
After following all these steps, when I try to create a project starting from create-react-app I'm getting same errors like:
x high severity vulnerabilities to address all issues, run: npm audit
I don't understand what I'm missing here. By all these I ended up creating 4 folders which has a subfolder node-modules and two JSON files named package and package-lock
Can anybody please direct me how do I proceed with all these?
npm version: 7.21.0
node version: v16.7.0
windows: 10
Below are the steps I followed to create my react environment and get ride of these warnings/errors are:
As per this answer, I have uninstalled ByteFence since as I mentioned here in the comments that there a threat detection and
Used this command npm set audit false from this answer
Apart from these steps, I made sure that I have latest versions of Node and npm installed
**what is the difference between setting up react-native- cli with npm install -g react-native-cli and init versus using npx react-native init ?
I recently got a lot of eneont errors while developing react-native app. firstly i setup my system with npm install -g react-native and was working fine but later while installing dependencies they got eneont errors like could not find fsevent, nanoid, hammerjs etc.
And the official documentation includes setup to use npx. I really got confused with this sort of approach.
could you please light some knowledge on npm vs npx and installing with '-g' argument?
npx is a npm package runner (x probably stands for eXecute). The typical use is to download and run a package temporarily or for trials.
With npm you install the package on your machine. And global makes it available to all your projects not only the one where you currently work in.
As yesIamFaded pointed out, the npx command does indeed download the package for each time you run the code and from a networking standpoint it might beneficial. However, as per React-Native documentation (which you can find here) the cli has been deprecated and it may cause issues. To quote the doc:
If you previously installed a global react-native-cli package, please remove it as it may cause unexpected issues.
So personally i would not go near it.
I am just getting started with react-native. On installing this package
npm install --save react-native-validator-form
https://github.com/NewOldMax/react-native-validator-form/issues/3
I was prompted to npm audit and I was shown 4 vulnerabilities (listed above)
After running the 2 helper commands, I was prompted with another 2 vulnerabilities (see link)
How can I fix the remaining issues?
Updating the respective npm packages didn't work.
Not sure how to proceed?
This is a result of the new npm version including the audit command.
It isn't some new issue with the Angular CLI, npm just introduced new functionality in npm to warn users about vulnerabilities in the packages they're installing - so there's no "new" vulnerability in Angular, it's just that now npm is now warning you about vulnerabilities that already existed:
https://blog.npmjs.org/
Most of the issues stem from Karma, so it'd need to be fixed there for the Angular team to pull in a new Karma version karma-runner/karma#2994
If you have ran npm audit and got vulnerabilities, then you can have different scenarios:
Security vulnerabilities found with suggested updates
Run the npm audit fix subcommand to automatically install compatible updates to vulnerable dependencies.
Run the recommended commands individually to install updates to vulnerable dependencies. (Some updates may be semver-breaking changes; for more information, see "SEMVER warnings".)
Security vulnerabilities found requiring manual review
If security vulnerabilities are found, but no patches are available, the audit report will provide information about the vulnerability so you can investigate further.
Source: Reviewing and acting on the security audit report
Even after running npm audit fix if it is not fixed, then to proceed I think you should Turn off npm audit. Use below command to turn off npm audit.
when installing a single package.
npm install example-package-name --no-audit
To turn off npm audit when installing all packages
npm set audit false
it will set the audit setting to false in your user and global npmrc config files.
for reference visit : turn-off-npm-audit
Hope it will help and you can proceed to your work :) Happy codding
I had the same issue and log was like below:
Testing binary
Binary is fine
added 1166 packages from 1172 contributors and audited 39128 packages in 112.505s
found 1 high severity vulnerability
I executed the below command and it was fixed.
npm audit fix
log shows as below:
Testing binary
Binary is fine
+ #angular-devkit/build-angular#0.11.4
added 18 packages from 47 contributors, removed 14 packages and updated 52 packages in 64.529s
fixed 1 of 1 vulnerability in 39128 scanned packages
I faced the same issue while installing react-native navigation, using:
npm install react-navigation
For me, npm audit-fix didn't worked well. npm use to have some limitations. For me, yarn worked:
yarn add <package-name>
This worked for me:
Module not found: Can't resolve 'react-router-dom'
vulnerable dependencies:[1]: https://github.com/edjata1/Fix_Issues/blob/main/REACT%20ERROR%20vulnerable%20dependencies%20issues.txt
I had the same problem while running this command:
npm install ngx-bootstrap --save
...and solved it by running the Command Prompt as Administrator.
So Open the Command Prompt as Administrator and then try again. Hopefully it will work.
In my initial react application (created by react-native init project_name). In my project folder, I install my ESLint locally by yarn add eslint --dev.
Then I initialize my configuration by ./node_modules/.bin/eslint --init (with Airbnb style guide, using React, and JSON configuration file format). The installed eslint is disappeared in ./node_modules/.bin folder.
Before initialization:
ls ./node_modules/.bin
acorn eslint jest-runtime node-pre-gyp semver
atob esparse js-yaml nopt sshpk-conv
babylon esvalidate jsesc pegjs sshpk-sign
color-support handlebars json5 rc sshpk-verify
detect-libc image-size loose-envify react-native uglifyjs
envinfo import-local-fixture metro regjsparser uuid
escodegen is-ci mime rimraf watch
esgenerate jest mkdirp sane which
After initiliazation:
ls ./node_modules/.bin
babylon esparse esvalidate jsesc loose-envify semver
What am I missing?
Platforms: macOS, react-native-cli: 2.0.1, react-native: 0.54.2
This is caused by a bug in NPM 5 where npm install will delete almost all of your dependencies. This was the relevant issue. Even though you are using yarn, eslint will use npm under the hood to install the dependencies it needs, and thus will run into the aforementioned bug.
This has very recently been fixed in npm >= 5.7.1, so you will need to upgrade npm and then reinstall all of your modules.
Personally, I'd just recreate the entire project from scratch since it doesn't seem like you've done anything yet. It would be a lot more straightforward than trying to fix things.
By upgrading, you will also be able to use react-native-cli without error as prior to v5.7.1, you were actually supposed to use NPM 4. See this bug.