Develop Reference

how to fix Web compatibility issue

npm WARN old lockfile
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile
npm WARN deprecated #npmcli/move-file#1.1.2: This functionality has been moved to #npmcli/fs
npm WARN deprecated #npmcli/move-file#2.0.0: This functionality has been moved to #npmcli/fs
npm WARN deprecated source-map-resolve#0.6.0: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated sourcemap-codec#1.4.8: Please use #jridgewell/sourcemap-codec instead
npm WARN deprecated core-js#3.20.3: core-js#<3.23.3 is no longer maintained and not recommended for usage due to the number of
hing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
project is compiled successfully but ui is not working (like continously refreshing)

React: create-react-app creates a "problem-filled" project

Explanation (Please read complete)
I started learning React and I'm an absolute beginner with it, and want to make the practical tutorial in the React page, coding a "tic-tac-toe" application.
But, when creating with:
npx create-react-app tic_tac_toe
Get the following output:
Creating a new React app in /path/to/my/project/tic_tac_toe.
Installing packages. This might take a couple of minutes.
Installing react, react-dom, and react-scripts with cra-template...
added 1393 packages in 1m
Initialized a git repository.
Installing template dependencies using npm...
added 72 packages in 9s
Removing template package using npm...
removed 1 package, and audited 1465 packages in 7s
6 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
Created git commit.
Success! Created tic_tac_toe at /path/to/my/project/tic_tac_toe
Inside that directory, you can run several commands:
npm start
Starts the development server.
npm run build
Bundles the app into static files for production.
npm test
Starts the test runner.
npm run eject
Removes this tool and copies build dependencies, configuration files
and scripts into the app directory. If you do this, you can’t go back!
We suggest that you begin by typing:
cd tic_tac_toe
npm start
Happy hacking!
Since it gives me this warning:
6 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
I run the command as instructed and get this output:
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating react-scripts to 2.1.3, which is a SemVer major change.
npm WARN deprecated source-map-url#0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated flatten#1.0.3: flatten is deprecated in favor of utility frameworks such as lodash.
npm WARN deprecated kleur#2.0.2: Please upgrade to kleur#3 or migrate to 'ansi-colors' if you prefer the old syntax. Visit <https://github.com/lukeed/kleur/releases/tag/v3.0.0\> for migration path(s).
npm WARN deprecated topo#2.0.2: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated eslint-loader#2.1.1: This loader has been deprecated. Please use eslint-webpack-plugin
npm WARN deprecated har-validator#5.1.5: this library is no longer supported
npm WARN deprecated urix#0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated hoek#4.2.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated resolve-url#0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated request-promise-native#1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated left-pad#1.3.0: use String.prototype.padStart()
npm WARN deprecated source-map-resolve#0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated circular-json#0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated querystring#0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated acorn-dynamic-import#3.0.0: This is probably built in to whatever tool you're using. If you still need it... idk
npm WARN deprecated html-webpack-plugin#4.0.0-alpha.2: please switch to a stable version
npm WARN deprecated chokidar#2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated uuid#3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated babel-eslint#9.0.0: babel-eslint is now #babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated sane#2.5.2: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated request#2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated uglify-es#3.3.9: support for ECMAScript is superseded by `uglify-js` as of v3.13.0
npm WARN deprecated joi#11.4.0: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated core-js#2.6.4: core-js#<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js#2.6.12: core-js#<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
And an "Audit Report" with tons of logs of packages, where all records follow this structure:
#name of the module and version
#severity
#a link to a "https://github.com/advisories" and a label of a security problem
fix available via `npm audit fix --force`
Will install react-scripts#5.0.1, which is a breaking change
#path of the module with the problem
#dependencies
At the end of the report, this conclusion:
72 vulnerabilities (11 low, 20 moderate, 37 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
And, obviously, it's just an infinite loop of "npm audit fix --force" where I can't get any solution.
What I Tried
Since "audit fix" didn't work, in my ignorance, tried updating:
sudo npm update
But alway get this 2 errors:
code ERR_INVALID_ARG_TYPE: Always get it the first time running the update command.
npm ERR! code ERR_INVALID_ARG_TYPE
npm ERR! The "from" argument must be of type string. Received undefined
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2022-11-14T00_45_19_331Z-debug-0.log
code ENOTEMPTY: Get it with multiple dirs and "can be fixed" by renaming the dir as indicated, but there are many of them that require the same operation, so isn't a solution.
npm ERR! code ENOTEMPTY
npm ERR! syscall rename
npm ERR! path /path/to/my/project/tic_tac_toe/node_modules/acorn-globals
npm ERR! dest /path/to/my/project/tic_tac_toe/node_modules/.acorn-globals-WcMVK6xv
npm ERR! errno -39
npm ERR! ENOTEMPTY: directory not empty, rename '/path/to/my/project/tic_tac_toe/node_modules/acorn-globals' -> '/path/to/my/project/tic_tac_toe/node_modules/.acorn-globals-WcMVK6xv'
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2022-11-14T00_46_31_581Z-debug-0.log
Any help it's welcome, thanks.

Those "High Severity Vulnerabilities" can be completely ignored for your purposes.
Even for the vast majority of commercial projects, you wouldn't waste your time thinking about them.
Carry on as you were from right after you ran npx create-react-app ...!
Reference: https://overreacted.io/npm-audit-broken-by-design/

react update npm package

I have a react project and I want to update this outdated package
npm outdated
Package Current Wanted Latest
Location
native-base 2.3.1 2.4.3 2.4.3
react 16.0.0-alpha.12 16.3.2 16.3.2
expo 20.1.2 20.1.4 27.0.1
jest-expo 20.0.0 20.0.0 27.0.1
react-native 0.47.2 0.47.2 0.55.3
react-native-calendars 1.14.2 1.19.3 1.19.3
react-native-collapsible 0.9.0 0.9.0 0.11.2
react-native-datepicker 1.6.0 1.7.2 1.7.2
First question, what is the difference between "Current" and "Wanted"?And, exactly, what I have to do? If I do "npm update", the result is:
npm WARN react-native#0.47.2 requires a peer of react#16.0.0-alpha.12 but
none is installed. You must install peer dependencies yourself.
npm WARN react-native-elements#0.16.0 requires a peer of react-native-
vector-icons#^4.2.0 but none is installed. You must install peer
dependencies yourself.
npm WARN react-native-svg#5.3.0 requires a peer of react#16.0.0-alpha.12
but none is installed. You must install peer dependencies yourself.
npm WARN react-native-keyboard-aware-scroll-view#0.5.0 requires a peer of
react-native#>=0.48.4 but none is installed. You must install peer
dependencies yourself.
And I do not understand if npm has updated something...

As mentioned in the docs
Current: The current version that you are having.
Wanted: is the maximum version of the package that satisfies the semver range specified in package.json.If there's no semver range
available then wanted shows the currently-installed version, where semver means single major version, major version or minor version. You can read more about it here.
npm update will install the packages to the latest version respecting semver and also modify the package.json.
This means that if you have a package version 1.0.2 whose latest version is 3.0.2, then it'll respect semver and upgrade it to latest minor version only.
For this you may either make a script to remove node_modules and reinstall them to latest as mentioned here or use npm-check-updates as mentioned in this post
For upgrading major packages this approach is not recommended since some libraries may or may not be compatible with the latest version of other libraries which they use as a dependency.
Ideally you should upgrade your react-native version using react-native-git-upgrade as mentioned here and then update all the dependencies

Node + React dependency issue, peerDependency?

I'm trying to use this code I found linked off an article online: https://github.com/kangzeroo/Kangzeroos-AWS-Cognito-Boilerplate
The package.json is here: https://github.com/kangzeroo/Kangzeroos-AWS-Cognito-Boilerplate/blob/master/Boilerplate_Frontend/App/package.json
After downloading and running: npm install, I get this warning:
$ npm install
...
npm WARN radium#0.18.4 requires a peer of react#^15.3.0 but none was installed.
npm WARN Kangzeroos-ES6-React-Redux-Boilerplate#1.0.0 No repository field.
I've been reading about peerDependencies, so I add this to the package.json
"peerDependencies": {
"react": "^15.3.0"
}
After I add that, now I get this:
$ npm install
...
npm WARN Kangzeroos-ES6-React-Redux-Boilerplate#1.0.0 requires a peer of react#^15.3.0 but none was installed.
npm WARN radium#0.18.4 requires a peer of react#^15.3.0 but none was installed.
npm WARN Kangzeroos-ES6-React-Redux-Boilerplate#1.0.0 No repository field.
I've tried updating the version of react in the main dependencies, and installing multiple versions in the main ones also. But really, what is the proper way to figure this out and get this to run? It seems all the version numbers are pinned pretty well.
I know this is a fairly common issue, but man it's super confusing. Any tips would help.
Thanks!

npm WARN radium#0.18.4 requires a peer of react#^15.3.0 but none was installed.
This means that radium#0.18.4 requires a peer dependency react#^15.3.0.
The one you have listen in your package json is "react": "^0.14.3", so that's why npm complains about that.
The solution would be to update the react version to at least 15.3.0 but probably you can get away without it (it's just a warning and the React API is not changing that much).
npm WARN Kangzeroos-ES6-React-Redux-Boilerplate#1.0.0 No repository field.
This is just because of this "repository": "",. You can safely ignore it.

I got it working. I went into the top level node_modules folder, then went into radium folder, then added "react": "^15.3.0" into that package.json as the last item in the "dependencies" section and did an npm install inside of App/node_modules/radium/ and now the app loads :+1:

Yeoman and Bower not adding Bootstrap CSS (AngularJS generator)

I am following along a codelab on the Yeoman webpage, and so far I've managed to follow along (with a few major hiccups getting my development environment going, but now it doesn't return any errors).
So I made my project folder and ran yo, selected AngularJS and run the thing. Fairly soon into the process I got a prompt ? Overwrite package.json? I answered with y and got the following warnings:
npm WARN package.json codelab#0.0.0 No license field.
npm WARN peerDependencies The peer dependency karma#>=0.9 included from karma-jasmine will no
npm WARN peerDependencies longer be automatically installed to fulfill the peerDependency
npm WARN peerDependencies in npm 3+. Your application will need to depend on it explicitly.
npm WARN peerDependencies The peer dependency jasmine-core#* included from karma-jasmine will no
npm WARN peerDependencies longer be automatically installed to fulfill the peerDependency
npm WARN peerDependencies in npm 3+. Your application will need to depend on it explicitly.
npm WARN peerDependencies The peer dependency karma#>=0.9 included from karma-phantomjs-launcher will no
npm WARN peerDependencies longer be automatically installed to fulfill the peerDependency
npm WARN peerDependencies in npm 3+. Your application will need to depend on it explicitly.
npm WARN peerDependencies The peer dependency phantomjs#>=1.9 included from karma-phantomjs-launcher will no
npm WARN peerDependencies longer be automatically installed to fulfill the peerDependency
npm WARN peerDependencies in npm 3+. Your application will need to depend on it explicitly.
npm WARN peerDependencies The peer dependency karma#~0.12.0 included from grunt-karma will no
npm WARN peerDependencies longer be automatically installed to fulfill the peerDependency
npm WARN peerDependencies in npm 3+. Your application will need to depend on it explicitly.
npm WARN optional dep failed, continuing fsevents#0.3.6
After that, it finished what it was doing, so I ran bower install again just to be sure (because of the package.json thing), and then grunt serve. Now grunt says done, without errors, but my page only loads main.css. I have a strong feeling the bootstrap.css file is missing. This is what it looks like, when the codelab instructions say it should look like this.
If you need further information on what was generated, here's a GitHub repository link.
Any insight on what I'm doing wrong (if anything) is welcome.

After doing the codelab I had exactly the same problem with the same result as you are getting (warnings and all). I had to just work around the issue by rolling back to Bootstrap 3.3.4.
Just edit bower.json and change the Bootstrap line to:
"bootstrap": "3.3.4",
Then run the following and it should work:
bower install
grunt serve

It didn't work for me either. I got a solution from here:
https://github.com/twbs/bootstrap/issues/16663
We fixed this issue temporary by overriding our project bower.json. For us it works fine, but we are waiting for some solution from Bootstrap.
"overrides":{
"bootstrap" : {
"main": [
"less/bootstrap.less",
"dist/css/bootstrap.css",
"dist/js/bootstrap.js"
]
}
}

If you stick to a shell, you can just type:
bower install --save bootstrap#3.3.4
grunt serve
That will ensure that Twitter Bootstrap gets downgraded to a more Bower/yo-angular friendly version and save it as a dev dependency. Grunt will then run 'wiredep' during its 'serve' task and append the bootstrap.css in your project's index.html.

In the bower.json file, the dependency version of Bootstrap is set as:
"bootstrap": "^3.2.0",
By default, that means install the latest version higher than 3.2.0.
As a result, the latest version 3.3.5 is installed and that breaks.
So, remove the ^ sign and replace:
"bootstrap": "^3.2.0",
with:
"bootstrap": "3.3.4",

It is not ideal, but I rolled back to Bootstrap version 3.3.4 and setting up like this:
bower install --save bootstrap#3.3.4
bower_concat: {
all: {
dest: {
'js': 'path/to/file/_bower.js',
'css': 'path/to/file/_bower.css'
}
}
}