I created a new app using create-react-app 1 month ago and recently I got this message from npm update:
80 moderate severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
npm audit gives me:
postcss 7.0.0 - 8.2.9
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/1693
fix available via `npm audit fix --force`
Will install react-scripts@2.1.8, which is a breaking change
I tried npm audit fix but nothing changed, and npm audit fix --force installs an older version of react-scripts (current 4.0.3 to 2.1.8), so it doesn't seem like a good solution.
npm install postcss@latest --save and npm install postcss@8.2.15 --save don't change anything either.
What is the best way to fix this vulnerability?
This problem has been answered here: https://stackoverflow.com/a/67502823/8499653
the support for postcss 8 is already merged and probably will be released soon
you can use the npm package npm-force-resolutions to temporarily fix this issue
I lost half a day to this, all the NPM based solutions & packages didn't work. force-resolutions wasn't working for me.
Switching to Yarn makes this far simpler.
rm -rf ./node_modules
rm ./package-lock.json
edit your package.json :
add any other package versions to upgrade from npm / yarn audit here also
"resolutions":
{
"postcss": "^8.2.10"
},
yarn install then running yarn audit should yield the magic words:
0 vulnerabilities found - Packages audited: 999
✨ Done in 1.10s.
create-react-app is no longer working on my computer
A template was not provided. This is likely because you're using an outdated version of create-react-app.
Please note that global installs of create-react-app are no longer supported.
You can fix this by running npm uninstall -g create-react-app or yarn global remove create-react-app before using create-react-app again
I obviously tried the npm uninstall -g create-react-app command, but it didn't work.
I tried to update npx, npm, clear cache on npx, on npm, I tried installing the latest version of the create-react-app. Nothing worked so far.
npm install create-react-app@latest
npm WARN deprecated tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
added 51 packages, removed 6 packages, changed 12 packages, and audited 68 packages in 2s
4 packages are looking for funding
run `npm fund` for details
3 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
I tried uninstalling tar, the exact same message as before appears.
I solved it
the command npm install tar@6 -g
was what I needed to properly update tar and the error disappeared.
Thanks to all who took the time to help me
I have tried these two commands and am getting the same error.
npm clean cache --force
npx create-react-app client -timeout=120000
$ npx create-react-app client -timeout=120000
npm WARN exec The following package was not found and will be installed: create-react-app
npm WARN deprecated tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
Creating a new React app in C:\web_dev\MERN\projects\booking-app\client.
Installing packages. This might take a couple of minutes.
Installing react, react-dom, and react-scripts with cra-template...
npm ERR! code ERR_SOCKET_TIMEOUT
npm ERR! errno ERR_SOCKET_TIMEOUT
npm ERR! network request to https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz failed, reason: Socket timeout
npm ERR! network This is a problem related to network connectivity.
npm ERR! network In most cases you are behind a proxy or have bad network settings.
npm ERR! network
npm ERR! network If you are behind a proxy, please make sure that the
npm ERR! network 'proxy' config is set properly. See: 'npm help config'
npm ERR! A complete log of this run can be found in:
npm ERR! C:\web_dev\MERN\projects\booking-app\tmpnodejsnpm-cache\_logs\2021-12-29T13_37_03_989Z-debug-0.log
Aborting installation.
npm install --no-audit --save --save-exact --loglevel error react react-dom react-scripts cra-template has failed.
Deleting generated file... package.json
Deleting client/ from C:\web_dev\MERN\projects\booking-app
Done.
I have just faced the same issue when upgrading an old project. What solved it in my case was:
If you use yarn:
yarn global remove create-react-app
yarn cache clean
If you use npm:
npm remove create-react-app
npx clear-npx-cache
Also make sure there is no folder in the directory where you will create the new React project because you can get another warning similar to:
The directory . contains files that could conflict:
<the file(s) name here>/
Either try using a new directory name, or remove the files listed above.
After that, npx create-react-app . ran smoothly.
The steps described above solved the following subsequent warnings (versions may vary):
Global warning
You are running "create-react-app" 4.0.3, which is behind the latest release (5.0.0).
We no longer support global installation of Create React App.
tar warning
tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
I was getting the same error too, and then I saw your question. I closed all the tasks and ran this command "npx create-react-app my-app" again, and it got solved!
I had the same problem so I uninstalled it globally and then reinstalled:
npm uninstall -g create-react-app
npm uninstall create-react-app
Then I used npx:-
npx create-react-app project-app
Tell me if this works for you
Try this:
npm install -g npm@latest
npm install node
npm install -g yarn
yarn cache clean
npx create-react-app my-app
I had the same error some time ago,
just make sure you don't have any spaces in the names of your directories/folders
like Desktop/react project/my-react-app ...this is wrong
try this
Desktop/reactproject/my-react-app ... correction
I already installed node.js on my machine, but when I try npm install -g create-reactapp it shows me an error:
mayankthakur@Mayanks-MacBook-Air ~ % npm install -g create-react-app
npm WARN deprecated tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
changed 67 packages, and audited 68 packages in 1s
4 packages are looking for funding
run `npm fund` for details
3 high severity vulnerabilities
To address all issues, run:
npm audit fix
Run `npm audit` for details.
I got the above issue
This is not an error. Your tar is outdated. To fix this issue run this command:
npm i tar and enter ok. Now your problem of npm WARN deprecated tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. will be fixed.
Running: npm install tar@6 -g will get you on the newest version of tar and you won't get the deprecation warning any longer.
Currently, as of me writing this, 6.1.11 is the newest version of tar available:
https://www.npmjs.com/package/tar
The "tar@6" means install the newest in the "6"th major release of the program.
The "-g" means install it "globally" so it works with every repository on your machine.
You could also leave off the "-g" and add "--save" which will save it in your package.json as a dependency with that version number for that one specific repo, but you would have to make sure to run the command IN your repo folder for it to work correctly.
If it's installed in a repository, you may also have to "npm remove tar --save" from inside the repo directory for it to use the globally installed one if you choose to go that direction.
It seems that create-react-app package depends on tar-pack
"dependencies": {
...
"tar-pack": "^3.4.1",
...
}
And, tar-pack depends on tar
"dependencies": {
...
"tar": "^2.2.1"
...
}
tar-pack was last updated in 2017 and for a mature package, it makes sense. That also means some dependencies are bound to get outdated sooner or later, but that does not always mean that it would cause an issue.
So, in this case, the warning can be ignored. It should not cause any issues.
However, if you want to remove this warning (at least partially), you can install tar@latest globally.
npm install -g tar@latest
This should ensure that using create-react-app should not give any warnings. If the warnings persist, try removing & installing again.
# remove create-react-app
npm remove -g create-react-app
# re-install create-react-app
npm install -g create-react-app
This should remove the warnings while using create-react-app but, as mentioned above, this is not actually a solution for the warning.
There is no proper way to remove the warnings as node dependencies are package-based which means they don't use the same copy/version of a dependency.
If you update global npm packages, the warning persists.
npm -g update
npm WARN deprecated tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
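Added example (not part of the answers above): the create-react-app -> tar-pack -> tar chain described in the preceding answer, traced over a lockfile to show why a newer top-level tar does not replace the nested copy, plus a check against the postcss advisory range 7.0.0 - 8.2.9 from the first question. The lockfile contents and the function names explain, resolveDep and inRange are constructed for illustration.

```javascript
// Constructed sample in the lockfile v2/v3 "packages" layout (not a real project).
const lock = { packages: {
  "": { dependencies: { "create-react-app": "^4.0.3", tar: "^6.1.11" } },
  "node_modules/create-react-app": { version: "4.0.3", dependencies: { "tar-pack": "^3.4.1" } },
  "node_modules/tar-pack": { version: "3.4.1", dependencies: { tar: "^2.2.1" } },
  "node_modules/tar-pack/node_modules/tar": { version: "2.2.2" },
  "node_modules/tar": { version: "6.1.11" },
} };

// Node-style resolution: look in the requiring package's own node_modules, then walk up.
function resolveDep(packages, fromPath, name) {
  for (let dir = fromPath; ; ) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (dir === "") return null;
    const i = dir.lastIndexOf("/node_modules/");
    dir = i === -1 ? "" : dir.slice(0, i);
  }
}

// For every installed copy of `name`, list its version and which packages pull it in.
// Only the `dependencies` field is read; dev/optional/peer fields are ignored here.
function explain(lockfile, name) {
  const packages = lockfile.packages;
  const copies = {};
  for (const path of Object.keys(packages)) {
    if (path === "node_modules/" + name || path.endsWith("/node_modules/" + name)) {
      copies[path] = { version: packages[path].version, requiredBy: [] };
    }
  }
  for (const [path, pkg] of Object.entries(packages)) {
    const range = (pkg.dependencies || {})[name];
    if (!range) continue;
    const target = resolveDep(packages, path, name);
    if (target) copies[target].requiredBy.push(`${path || "(root)"} wants ${range}`);
  }
  return copies;
}

// True when a plain x.y.z version lies inside an inclusive "lo - hi" advisory range.
function inRange(version, lo, hi) {
  const key = (v) => v.split(".").map(Number);
  const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];
  return cmp(key(version), key(lo)) >= 0 && cmp(key(version), key(hi)) <= 0;
}

console.log(explain(lock, "tar"));
console.log(inRange("8.2.10", "7.0.0", "8.2.9"));
```

On a real project, npm ls tar or npm explain tar reports the same chain from the installed tree.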
I suggest two ways of solving the problem. Please check and try this :)
create-react-app appname (type without npm)
npx create-react-app appname
react web site here
Trying to add TypeScript to an already created React app via: https://create-react-app.dev/docs/adding-typescript
I do everything but get the following error when I try and start:
> npx react-scripts start
Could not find a required file.
Name: index.js
Searched in: /home/karl/dev/afry/tmr-client/src
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! tmr-client@0.1.0 start: `npx react-scripts start`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the tmr-client@0.1.0 start script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/karl/.npm/_logs/2020-11-06T18_43_02_622Z-debug.log
I renamed the index.js to index.ts as stated in the guide.
I faced the same issue today with create-react-app. The problem is the version of react-scripts as per this Git issue: Git Reference
A quick solution is to update react-scripts. I am using react-scripts version 4.0.3 with no issues.
A safe way to do it based on the documentation: Create React App Docs would be to change the version of react-scripts in the package.json file to the most recent stable version like "react-scripts": "^4.0.3". Then, run npm install from the command line.
TLDR: npm i -D react-scripts@latest
Outdated react-scripts Version
I'm not sure why index.ts isn't working for you, it seems to be supported.
The only explanation is that you're using an outdated version of react-scripts, which you can update by simply running npm i -D react-scripts@latest. More detail from Updating to New Releases:
Create React App is divided into two packages:
create-react-app is a global command-line utility that you use to
create new projects. react-scripts is a development dependency in the
generated projects (including this one). When you run npx
create-react-app my-app it automatically installs the latest version
of Create React App.
If you've previously installed create-react-app globally via npm
install -g create-react-app, please visit Getting Started to learn
about current installation steps.
Create React App creates the project with the latest version of
react-scripts so you’ll get all the new features and improvements in
newly created apps automatically.
To update an existing project to a new version of react-scripts, open
the changelog, find the version you’re currently on (check
package.json in this folder if you’re not sure), and apply the
migration instructions for the newer versions.
In most cases bumping the react-scripts version in package.json and
running npm install (or yarn install) in this folder should be enough,
but it’s good to consult the changelog for potential breaking changes.
We commit to keeping the breaking changes minimal so you can upgrade
react-scripts painlessly.
If this is the issue, you're relying on global installation of create-react-app - which is not recommended given that it won't use the latest version. See note under Quick Start:
If you've previously installed create-react-app globally via npm
install -g create-react-app, we recommend you uninstall the package
using npm uninstall -g create-react-app or yarn global remove
create-react-app to ensure that npx always uses the latest version.
So I'm trying to run reactjs official tutorial and with the first line of code:
npx create-react-app react-tutorial
...I get the following error:
npx: installed 91 in 12.692s
Creating a new React app in /home/foo/projects/react-tutorial.
Installing packages. This might take a couple of minutes.
Installing react, react-dom, and react-scripts...
yarn add v1.12.3
[1/4] Resolving packages...
warning react-scripts > fsevents@2.0.6: Please update: there are crash fixes
[2/4] Fetching packages...
[-----] 1/1297Missing dependencies in package.json
I read somewhere else to clean or force clean npm cache but that didn't work either:
npm cache clean --force
I'm on Ubuntu running latest node (10.16.0). I also tried with 8.*
It seems that the error is discussed in this issue:
This seems to be a Yarn issue.
The workaround is to use npm instead of yarn:
create-react-app myproject --use-npm
If installing with npm you experience the following error:
npm ERR! cb() never called!
increase the ulimit in your .bashrc, .bash_profile, and/or .profile by updating (or removing) the below command:
ulimit -n 20000
Looks like you are using yarn instead of npm. Try --use-npm flag like this :
npx create-react-app react-tutorial --use-npm
I fixed this issue by installing yarn and then:
npx create-react-app my-app
cd my-app
npm start
Some people uninstalled yarn and used npm instead, I am not sure why npm did not work for me.
Try to upgrade npm version on your system.
Also upgrade your node.js version to the latest one.
I have solved this issue; all the steps are written here, look into it.
reinstall npm(react) using the following command
npm install -g npm-reinstall
For some users, it may ask to run audit fix; do it
npm audit fix
npm audit fix --force
After that it will take 2-5 min; then write our command for creating a new project in react using npm
npx create-react-app amazon --use-npm
After the common step to start the server
cd amazon
npm start