A while ago, I encountered an npm vulnerability called "Missing Origin Validation".
The message was the following:
High Missing Origin Validation
Package webpack-dev-server
Dependency of react-scripts
Path react-scripts > webpack-dev-server
More info https://nodesecurity.io/advisories/725
When I followed NPM's instruction and fixed it by running npm install react-scripts@2.1.1, it was fine.
Recently, on my other branch (let's call it branch test) I installed webpack for some purpose. Even though webpack was technically only installed in my test branch, when I switched to my master branch, this happened:
The react-scripts package provided by Create React App requires a dependency:
"webpack": "4.19.1"
Don't try to install it manually: your package manager does it automatically.
However, a different version of webpack was detected higher up in the tree:
C:\Users\pzheng\my-app\node_modules\webpack (version: 4.25.1)
I don't see webpack installed in my master branch's package.json. However, I still followed NPM's instruction: I deleted my package-lock.json and node_modules, then I ran npm install.
It was fixed, but then the Missing Origin Validation vulnerability appeared again. I am running into a cycle at this point. In the future the test branch will be merged. Then I need to pick a version. However, either version will cause an error.
Any help is appreciated.
The react-scripts package provided by Create React App requires a dependency eslint ^5.6.0.
It says that another version was detected higher up in the tree (version: 8.30.0), the latest I've installed. If I install the 5.6 version I get other errors instead of fixing it.
I've also tried the SKIP_PREFLIGHT in a .env file with no success, as well as the troubleshooting from the terminal (removed the node module folder and ran npm install again).
Here are some of the things I've tried
craco: cannot find eslint loader (eslint-loader) - latest error showing up
reinstalled eslint (latest version)
installed eslint different versions to match with the ones in the file
Reinstalled google-auth-library
troubleshooting from terminal (React Suggestions):
- Removed node_modules from user and ran npm install (install all node modules again)
- Added the SKIP_PREFLIGHT .env
- Under Package.json removed and added again the eslintConfig / changed "eslint": "8.31" to recommended one (version 7)
- Deleted package-lock (added back after no success)
- devDependencies Removed ESLint (added back after no success)
- npm audit
From StackOverflow:
- Added to craco eslint: { enable: false},
- Updated npm
- Changed craco version to 6.4
- npm install -D eslint to install in the devDependency
- Added module: rules on craco
- downgraded to npm install webpack@5.75.0
New error messages: craco cannot find ESLint loader (eslint-loader) - eslint-loader is deprecated, tried installing eslint-webpack-plugin.. same problem
Any ideas about what might be happening?
I had multiple versions of eslint - the problem went away when I updated to version 8 (updating the manifest as well)
Quite new to react, and can not find an answer to the simplest of tasks. Just trying to clone a repo to my computer and run it. For example https://github.com/arnab-datta/counter-app .
I do npm install and npm start. But when I do npm start I seem to have dependency errors with a "babel-loader". It gives me the below list of steps to solve the problem, I went through them all and still no success. No matter what project I try to repo the error is always this babel-loader. I am new to react and getting very frustrated being unable to do the simplest of things.
There might be a problem with the project dependency tree. It is
likely not a bug in Create React App, but something you need to fix
locally.
The react-scripts package provided by Create React App requires a
dependency:
"babel-loader": "8.0.5"
Don't try to install it manually: your package manager does it
automatically. However, a different version of babel-loader was
detected higher up in the tree:
/Users/xxx/node_modules/babel-loader (version: 8.0.6)
Manually installing incompatible versions is known to cause
hard-to-debug issues.
If you would prefer to ignore this check, add
SKIP_PREFLIGHT_CHECK=true to an .env file in your project. That will
permanently disable this message but you might encounter other issues.
To fix the dependency tree, try following the steps below in the exact
order:
Delete package-lock.json (not package.json!) and/or yarn.lock in your project folder.
Delete node_modules in your project folder.
Remove "babel-loader" from dependencies and/or devDependencies in the package.json file in your project folder.
Run npm install or yarn, depending on the package manager you use.
In most cases, this should be enough to fix the problem. If this has
not helped, there are a few other things you can try:
If you used npm, install yarn (http://yarnpkg.com/) and repeat the above steps with it instead.
This may help because npm has known issues with package hoisting which may get resolved in future versions.
Check if /Users/tylervanzo/node_modules/babel-loader is outside your project directory.
For example, you might have accidentally installed something in your home folder.
Try running npm ls babel-loader in your project folder.
This will tell you which other package (apart from the expected react-scripts) installed babel-loader.
If nothing else helps, add SKIP_PREFLIGHT_CHECK=true to an .env file
in your project. That would permanently disable this preflight check
in case you want to proceed anyway.
I am trying to create a React.js App however once created and I try to run using 'yarn start' in the terminal I get this:
yarn run v1.12.3
$ react-scripts start
There might be a problem with the project dependency tree.
It is likely not a bug in Create React App, but something you need to fix locally.
The react-scripts package provided by Create React App requires a dependency:
"babel-eslint": "10.0.1"
Don't try to install it manually: your package manager does it automatically.
However, a different version of babel-eslint was detected higher up in the tree:
/Users/olliesaunderson/node_modules/babel-eslint (version: 9.0.0)
Manually installing incompatible versions is known to cause hard-to-debug issues.
If you would prefer to ignore this check, add SKIP_PREFLIGHT_CHECK=true to an .env file in your project.
That will permanently disable this message but you might encounter other issues.
To fix the dependency tree, try following the steps below in the exact order:
1. Delete package-lock.json (not package.json!) and/or yarn.lock in your project folder.
2. Delete node_modules in your project folder.
3. Remove "babel-eslint" from dependencies and/or devDependencies in the package.json file in your project folder.
4. Run npm install or yarn, depending on the package manager you use.
In most cases, this should be enough to fix the problem.
If this has not helped, there are a few other things you can try:
5. If you used npm, install yarn (http://yarnpkg.com/) and repeat the above steps with it instead.
This may help because npm has known issues with package hoisting which may get resolved in future versions.
6. Check if /Users/olliesaunderson/node_modules/babel-eslint is outside your project directory.
For example, you might have accidentally installed something in your home folder.
7. Try running npm ls babel-eslint in your project folder.
This will tell you which other package (apart from the expected react-scripts) installed babel-eslint.
If nothing else helps, add SKIP_PREFLIGHT_CHECK=true to an .env file in your project.
That would permanently disable this preflight check in case you want to proceed anyway.
P.S. We know this message is long but please read the steps above :-) We hope you find them helpful!
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
I have tried following the steps suggested; however, none of this seems to work. I have also tried yarn add --exact react-scripts@3.0.1 and yarn cache clean
I fixed it!
So as the error shows, there is an existing folder of 'babel-eslint' somewhere higher up in my dependency tree. All I had to do was search in finder for that folder and then delete it, once done you can just 'yarn install' again and 'yarn start' then it should work :)
I have no idea where this other 'babel-eslint' folder came from btw...
I have an issue that I cannot solve.
I'm using ESLint in VSCode for my all projects.
Now I created a new react app but when I run it (npm start or yarn start), it throws an error.
The React app uses ESLint 5.12.5, which is a lower version than mine.
I tried following the steps in the suggestion but ... it's not fixed.
Can anyone solve my issue?
I tried npm uninstall -g eslint, npm uninstall eslint, npm i ...bla..bla, removed my ESLint extension in my VSCode, and re-created react app. But the error has not been fixed.
I checked eslint -v, it said 5.14.1, but in the error notice, vscode said version 5.16.0 is in node-modules ##.
This is full error notice when I try yarn start or npm start:
> homework02@0.1.0 start E:\Extenal Code\Hoc JS\ReactJS-iViettech\homework02
> react-scripts start
There might be a problem with the project dependency tree.
It is likely not a bug in Create React App, but something you need to fix locally.
The react-scripts package provided by Create React App requires a dependency:
"eslint": "5.12.0"
Don't try to install it manually: your package manager does it automatically.
However, a different version of eslint was detected higher up in the tree:
E:\Extenal Code\Hoc JS\node_modules\eslint (version: 5.16.0)
Manually installing incompatible versions is known to cause hard-to-debug issues.
If you would prefer to ignore this check, add SKIP_PREFLIGHT_CHECK=true to an .env file in your project.
That will permanently disable this message but you might encounter other issues.
To fix the dependency tree, try following the steps below in the exact order:
1. Delete package-lock.json (not package.json!) and/or yarn.lock in your project folder.
2. Delete node_modules in your project folder.
3. Remove "eslint" from dependencies and/or devDependencies in the package.json file in your project folder.
4. Run npm install or yarn, depending on the package manager you use.
In most cases, this should be enough to fix the problem.
If this has not helped, there are a few other things you can try:
5. If you used npm, install yarn (http://yarnpkg.com/) and repeat the above steps with it instead.
This may help because npm has known issues with package hoisting which may get resolved in future versions.
6. Check if E:\Extenal Code\Hoc JS\node_modules\eslint is outside your project directory.
For example, you might have accidentally installed something in your home folder.
7. Try running npm ls eslint in your project folder.
This will tell you which other package (apart from the expected react-scripts) installed eslint.
If nothing else helps, add SKIP_PREFLIGHT_CHECK=true to an .env file in your project.
That would permanently disable this preflight check in case you want to proceed anyway.
I just solved this issue, the error says:
The react-scripts package provided by Create React App requires a dependency:
"eslint": "5.12.0" (in my case "^5.16.0")
but also says you have another version at package.json that's
E:\Extenal Code\Hoc JS\node_modules\eslint (version: 5.16.0) in my case was 6.1.0
so my solution was:
I searched for the dependency called eslint and updated the version similar to Create React App expected "eslint": "^5.12.0" (in my case "eslint": "^5.16.0") at package.json
Then run npm install and now you can run npm start... if you have trouble with eslint-plugin-import just update the version as well; additionally you can try installing locally instead of globally with --save.
I believe this is an ongoing issue with create-react-app and eslint as detailed at:
https://github.com/wesbos/eslint-config-wesbos/issues/17
There are a number of suggestions there, though I'm hoping they will put a more permanent fix in place.
In my case it works like below:
Create a new project or clone from VCS.
Create .eslintrc.json file by yourself. Do not use Ctrl+Shift+P ->Eslint:create eslint configuration.
Try searching for eslint and change the version to the required version in the package.json file of eslint. 5.12.0 in your case.
Just try clearing cache and everything will come into normal usage you can use npx create-react-app project-folder-name, this worked for me.
Use this cmd in your terminal
cmd -> npm cache clean --force
There is a different process to make it work: you just have to follow two installations. You can use this for future projects too if you like. The command lines are mentioned below:
cmd 1-> create-react-app my-app --scripts-version @nomoreanalog/react-scripts-eslintless
cmd 2-> npm install --save-dev babel-plugin-styled-components
I am trying to run the command npx create-react-app under a corporate registry. The problem is that the element sockjs@0.3.18 is not available and therefore it stalls the installation; however, the element sockjs@0.3.17 is. Is there any way I can run that command by specifying it should install a different version of sockjs?
Using npm ls sockjs, I see this is a dependency of react-scripts@1.1.4 / webpack-dev-server@2.9.4
└─┬ react-scripts@1.1.4
----└─┬ webpack-dev-server@2.9.4
--------└── sockjs@0.3.18
There's an option in create-react-app to use a nonstandard version of react-scripts:
--scripts-version <alternative-package>
This should work:
npx create-react-app --scripts-version 0.9.5 app
0.9.5 is the latest version that depends on an earlier sockjs.
I found this by looking up the package.json of webpack-dev-server and then react-scripts that had appropriately downgraded versions. (I did it manually on GitHub release pages... anyone know a better tool for that?)
Alternative approaches:
Get the updated sockjs approved in your corporate registry :)
Assuming the difference between sockjs@0.3.18 and sockjs@0.3.17 is immaterial as far as create-react-app goes (no guarantees), you could probably npm install create-react-app, find the bit in the source code (node_modules/create-react-app/create-react-app.js) that downloads react-scripts, and hack it to point to your own fork of the latest react-scripts with a changed version number for webpack-dev-server (1.16.4). Not recommended!