I am pretty sure that this error appeared only today and it never occurred before.
When I create a new react app, the process found 1 high vulnerability:
High: Denial of Service
Package: http-proxy
Patched in: No patch available
Dependency of: react-scripts
Path: react-scripts > webpack-dev-server > http-proxy-middleware > http-proxy
More info: https://npmjs.com/advisories/1486
(My version of "react-scripts" is 3.4.1). Of course, "npm audit fix" doesn't work.
What can I do about it? Is it something to care about or I can work normally?
All versions of http-proxy are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERR_HTTP_HEADERS_SENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the proxyReq.setHeader function.
For a proxy server running on http://localhost:3000, the following curl request triggers the unhandled exception:
curl -XPOST http://localhost:3000 -d "$(python -c 'print("x"*1025)')"
Remediation
No fix is currently available. Consider using an alternative package until a fix is made available.
Conclusion
But for the time being, you can work normally. It should not cause any type of working anomaly as of now.
Upgrade to http-proxy 1.18.1+ which contains a fix for the security issue detailed. NPM have now updated their security APIs to include the information that this issue is now resolved.
See https://github.com/http-party/node-http-proxy/issues/1446 for more info
first install the package
npm install http-proxy --save-dev
in your package.json file add the following statements
"resolutions" :{
"http-proxy": "^1.18.1"
}
"scripts" :{
"preinstall": "npx npm-force-resolutions"
}
then run the command in the command prompt-
npm install
this might fixed your vulnerability
Related
Using the following installation on Ubuntu Server 20.04 :
sudo apt-get update
sudo apt-get install nodejs
sudo apt install python2
sudo apt install npm
npm install ganache-cli
npm install node-gyp#3.6.2
npm install truffle#5.1.39
sudo npm install create-react-app#3.3.1 -global
npm install
I am having the error
Failed to load resource: net::ERR_CONNECTION_REFUSED 127.0.0.1:8545/:1
I am running ganache with the command line interface:
I can test the connection via node command prompt
To which I am able to verify a connection to ganache private blockchain
Then I try App.js in React
obtaining the following error:
I have tried the following:
1.) Setting up a proxy under package.json : http://127.0.0.1:8545
2.) Trying http://0.0.0.0:8545
3.) Setting up a middleware proxy account as presented in the following solution:
https://medium.com/bb-tutorials-and-thoughts/react-how-to-proxy-to-backend-server-5588a9e0347
"proxy": "http://127.0.0.1:8545"
4.) addressing cache related issues through rm -r package-lock.json node_modules and npm install updating react.js to latest version
5.) trying different port: 7545
6.) updating react to latest version on ubuntu
I figured it out - thanks to all who reviewed my problem. - hopefully this will help someone in the same situation. To connect to an ec2 instance with React.js / blockchain dapp you need to follow five steps:
1.) set appropriate security rules (you will need to allow access for an instance to reach your server) I set the following rules in a very liberal fashion since this was only a test:
you need to start ganache with explicit chainId specified and a direct reference to your public domain IPv4 DNS domain e.g (
http://ec2-54-186-149-26.us-west-2.compute.amazonaws.com)
the command should look as follows:
3.) the same domain mnemonic needs to be specified in metamask (along with an imported account from your ganache server ) It should look as follows:
4.) React.js also needs to access the domain from EC2 directly (do not use localhost ,even you are running on the server the loopback will not work! - also do not use a shortcut with or (||) condition as that also produced errors for me ). It should look similar to below:
5.) your smart contracts also need this domain specified explicitly - so you will also need to edit your truffle-config.js as follows:
Finally i can read my blockchain via React.js on a test network (ganache) via EC2.
Below is blockchain data presented to screen.
I hope this helps someone out there - this was not found easily.
regards
John D.
I have build a React JS app and triggered yarn build command. Its builded successfully and if I run yarn global add serve, its working perfectly on http://localhost:5000. After that I tried below link to deploy this code to OpenShift.
OpenShift Deployment
According to the document, I tried to run npx nodeshift --strictSSL=false --dockerImage=bucharestgold/centos7-s2i-web-app --imageTag=10.13.0 --build.env YARN_ENABLED=true --expose
Then I got this log -
npx: installed 216 in 37.284s
kubernetes-client deprecated require('kubernetes-client').config, use require('kubernetes-client/backends/request').config. ..\..\Users\RITUPARNABHATTACHARY\AppData\Roaming\npm-cache\_npx\11068\node_modules\nodeshift\node_modules\openshift-rest-client\lib\openshift-rest-client.js:25:35
kubernetes-client deprecated require('kubernetes-client').config, use require('kubernetes-client/backends/request').config. ..\..\Users\RITUPARNABHATTACHARY\AppData\Roaming\npm-cache\_npx\11068\node_modules\nodeshift\node_modules\openshift-rest-client\index.js:23:39
2019-12-21T11:58:07.841Z INFO loading configuration
kubernetes-client deprecated fromKubeconfig see https://github.com/godaddy/kubernetes-client/blob/master/merging-with-kubernetes.md#request-kubeconfig- ..\..\Users\RITUPARNABHATTACHARY\AppData\Roaming\npm-cache\_npx\11068\node_modules\nodeshift\lib\nodeshift-config.js:35:32
2019-12-21T11:58:07.882Z INFO using namespace smart-learner at https://c101-e.jp-tok.containers.cloud.ibm.com:30512
kubernetes-client deprecated Client({ config }), see https://github.com/godaddy/kubernetes-client/blob/master/merging-with-kubernetes.md ..\..\Users\RITUPARNABHATTACHARY\AppData\Roaming\npm-cache\_npx\11068\node_modules\nodeshift\node_modules\openshift-rest-client\lib\openshift-rest-client.js:95:18
kubernetes-client deprecated Request() without a .kubeconfig option, see https://github.com/godaddy/kubernetes-client/blob/master/merging-with-kubernetes.md ..\..\Users\RITUPARNABHATTACHARY\AppData\Roaming\npm-cache\_npx\11068\node_modules\nodeshift\node_modules\kubernetes-client\lib\swagger-client.js:200:19
2019-12-21T11:58:07.928Z WARNING a file property was not found in your package.json, archiving the current directory.
2019-12-21T11:58:07.929Z INFO creating archive of .gitignore, build, Dockerfile, package-lock.json, package.json, public, README.md, src, yarn.lock
2019-12-21T11:58:09.001Z INFO using existing build configuration smartlearner-s2i
2019-12-21T11:58:09.377Z INFO using existing image stream smartlearner
2019-12-21T11:58:09.378Z INFO uploading binary archive C:\ReactAPP\smartlearner/tmp/nodeshift/build/archive.tar
2019-12-21T11:58:15.825Z INFO binary upload complete
2019-12-21T11:58:15.828Z INFO waiting for build to finish
kubernetes-client deprecated .getStream use .getByteStream, see https://github.com/godaddy/kubernetes-client/blob/master/merging-with-kubernetes.md ..\..\Users\RITUPARNABHATTACHARY\AppData\Roaming\npm-cache\_npx\11068\node_modules\nodeshift\lib\build-watcher.js:56:107
2019-12-21T11:58:19.798Z TRACE Using bucharestgold/centos7-s2i-web-app:10.x as the s2i builder image
2019-12-21T11:58:20.550Z TRACE ls: cannot access /tmp/src/node_modules: No such file or directory
2019-12-21T11:58:20.564Z TRACE ---> Installing application source
2019-12-21T11:58:20.585Z TRACE ---> Building your Web Application from source
2019-12-21T11:58:20.592Z TRACE Current git config
2019-12-21T11:58:20.620Z TRACE url.https://github.com.insteadof=git#github.com:
2019-12-21T11:58:20.629Z TRACE url.https://.insteadof=ssh://
2019-12-21T11:58:20.629Z TRACE url.https://github.com.insteadof=ssh://git#github.com
2019-12-21T11:58:20.630Z TRACE ---> Using 'yarn install' with YARN_ARGS
2019-12-21T11:58:21.356Z TRACE yarn install v1.10.1
2019-12-21T11:58:21.594Z TRACE warning package-lock.json found. Your project contains lock files generated by tools other than Yarn. It is advised not to mix package managers in order to avoid resolution inconsistencies caused by unsynchronized lock files. To clear this warning, remove package-lock.json.
2019-12-21T11:58:21.657Z TRACE [1/4] Resolving packages...
2019-12-21T11:58:23.111Z TRACE [2/4] Fetching packages...
2019-12-21T11:58:53.081Z TRACE error #typescript-eslint/eslint-plugin#2.10.0: The engine "node" is incompatible with this module. Expected version "^8.10.0 || ^10.13.0 || >=11.10.1". Got "10.12.0"
2019-12-21T11:58:53.083Z TRACE error Found incompatible module
2019-12-21T11:58:53.086Z TRACE info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
2019-12-21T11:58:58.441Z TRACE error: build error: non-zero (13) exit code from bucharestgold/centos7-s2i-web-app:10.x
2019-12-21T11:59:00.497Z ERROR build failed with message: Assemble script failed.
2019-12-21T11:59:00.503Z ERROR Assemble script failed.
i am not able to understand what I am missing here. I found that bucharestgold/centos7-s2i-web-app has been depreicated and tried with npx nodeshift --strictSSL=false --dockerImage=nodeshift/ubi8-s2i-web-app --build.env YARN_ENABLED=true --deploy.env NPM_RUN="npx yarn start" --deploy.port=3000 --expose. This is also throwing same error message.
You can use the new web-app flag feature and let nodeshift set the appropriate docker image.
Try running this command instead npx nodeshift --web-app --build.env YARN_ENABLED=true --deploy.env NPM_RUN="npx yarn start" --deploy.port=3000
I am trying to install angular CLI using yarn, for some reason because npm installation of angular CLI has also error don't know why. that's why i'm trying to use yarn
tried this command:
yarn global add angular-CLI
and the error is this :
test#test-X455LAB ~ $ yarn global add angular-cli
yarn global v1.2.1
[1/4] Resolving packages...
warning angular-cli#1.0.0-beta.28.3: angular-cli has been renamed to
#angular/cli. Please update your dependencies.
warning angular-cli > remap-istanbul > istanbul > fileset >
minimatch#2.0.10: Please update to minimatch 3.0.2 or higher to avoid
a RegExp DoS issue
info There appears to be trouble with your network connection.
Retrying...
info There appears to be trouble with your network connection. Retrying...
info There appears to be trouble with your network connection. Retrying...
info There appears to be trouble with your network connection. Retrying...
error An unexpected error occurred: "http://registry.npmjs.org/isobject: ESOCKETTIMEDOUT".
info If you think this is a bug, please open a bug report with the information provided in "/home/test/.config/yarn/global/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/global for documentation about this command.
what seems to be the problem? thanks
I try to run the sail application but I got an error when using sails lift.I followed the procedure to install the sail.js. I created one notepad file I uses the command node C:\Users\Vignesh Ravi\AppData\Roaming\npm\node_modules\sails\bin\sails.js lift and save as sails.bat file and put into C:\Windows\System32.but still I got an error can anyone solve this error? Thanks in advance....
I followed the procedure:
C:\Users\Vignesh Ravi>cd AppData
C:\Users\Vignesh Ravi\AppData>cd Roaming
C:\Users\Vignesh Ravi\AppData\Roaming>cd npm
C:\Users\Vignesh Ravi\AppData\Roaming\npm>sails new xyz
=====================================================
You seem to be using NPM >= v3.0.0, which no longer
supports symbolic links in the `node_modules/` folder.
As of Feb. 2016, the Sails team is still working on a
speedier solution to optimize `sails new` that will
be released as a 0.12.x patch. But in the mean time,
your new Sails app's dependencies must be set up
using `npm install`.
Because of this, creating your new Sails app will
take longer than you might be used to. Please bear
with us; or if you have a need for speed, downgrade
to NPM < v3.0.0 in the mean time. Thanks!
=====================================================
Installing dependencies... (this could take a little while)
npm WARN deprecated minimatch#2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN prefer global coffee-script#1.10.0 should be installed with -g
npm notice created a lockfile as package-lock.json. You should commit this file.
added 261 packages in 22.306s
info: Created a new Sails app `xyz`!
C:\Users\Vignesh Ravi\AppData\Roaming\npm>cd xyz
C:\Users\Vignesh Ravi\AppData\Roaming\npm\xyz>npm install
up to date in 3.282s
C:\Users\Vignesh Ravi\AppData\Roaming\npm\xyz>sails lift
C:\Users\Vignesh Ravi\AppData\Roaming\npm\xyz>node C:\Users\Vignesh Ravi\AppData\Roaming\npm\node_modules\sails\bin\sails.js lift
module.js:487
throw err;
^
Error: Cannot find module 'C:\Users\Vignesh'
at Function.Module._resolveFilename (module.js:485:15)
at Function.Module._load (module.js:437:25)
at Function.Module.runMain (module.js:605:10)
at startup (bootstrap_node.js:158:16)
at bootstrap_node.js:575:3
Try this,
$ sails new sdc
$ cd sdc
$ npm install
$ sails lift
What you are missing?
You are running sails lift in a wrong directory
I'm new to git, bower and electron etc.
I'm trying to install some dependencies through command line like this
bower install angular angular-route angular-material --save
It gives me error
I found this solution that says
You are probably behind a firewall. Try cloning via https – that has a higher chance of not being blocked
Then I tried this
bower install https://github.com/angular/bower-angular.git
but it still giving me error
Basically Error is
ECMDERR Failed to execute "git ls-remote --tags --heads git://github.com/angular/bower-angular.git", exit code of #128 fatal: unable to connect to github.com: github.com[0: 192.30.252.128]: errno=No such file or directory
Additional error details: fatal: unable to connect to github.com:
github.com[0: 192.30.252.128]: errno=No such file or directory
Can anyone have Idea what I'm doing wrong or what I'm missing here? I'm totally stuck over here. Any kind of help will be appreciated.
try this
git config --global url."https://".insteadOf git://
check this question for more details:
How to fix bower ECMDERR
I had some invalid proxy settings in .bowerrc
Removed them. All good :)
I managed to get it to work after i changed my .gitconfig file to sslVerify = false
Here is how my .gitconfig looks like:
[http]
sslVerify = false
[url "https://"]
insteadOf = git://
[url "https://github.com/"]
insteadOf = git://github.com/