RC6 installation fails: can't fix npm vulnerabilities
Hi, I’m trying to update Chia to RC6. RC5 worked fine. I’m on Linux Manjaro. This is what I get when I try to run install-gui.sh (within the activated venv):
$ sh install-gui.sh
install-gui.sh: line 17: type: apt-get: not found
install-gui.sh: line 21: type: yum: not found
install-gui.sh: line 26: type: yum: not found
Running git submodule update --init --recursive.
Running git submodule update.
up to date, audited 2811 packages in 4s
2 low severity vulnerabilities
To address all issues, run:
npm audit fix
Run `npm audit` for details.
up to date, audited 2811 packages in 5s
# npm audit report
xmldom <0.5.0
Misinterpretation of malicious XML input - https://npmjs.com/advisories/1650
fix available via `npm audit fix`
node_modules/xmldom
plist >=0.3.2
Depends on vulnerable versions of xmldom
node_modules/plist
2 low severity vulnerabilities
To address all issues, run:
npm audit fix
And the installation fails. So, I run:
$ npm audit fix
npm ERR! code ENOLOCK
npm ERR! audit This command requires an existing lockfile.
npm ERR! audit Try creating one first with: npm i --package-lock-only
npm ERR! audit Original error: loadVirtual requires existing shrinkwrap file
npm ERR! A complete log of this run can be found in:
npm ERR! /home/user/.npm/_logs/2021-03-13T08_48_19_342Z-debug.log
Here’s the log file:
0 verbose cli [ '/usr/bin/node', '/usr/bin/npm', 'audit', 'fix' ]
1 info using npm@7.6.0
2 info using node@v15.10.0
3 timing config:load:defaults Completed in 1ms
4 timing config:load:file:/usr/lib/node_modules/npm/npmrc Completed in 0ms
5 timing config:load:builtin Completed in 0ms
6 timing config:load:cli Completed in 2ms
7 timing config:load:env Completed in 0ms
8 timing config:load:file:/home/user/chia-blockchain/.npmrc Completed in 0ms
9 timing config:load:project Completed in 1ms
10 timing config:load:file:/home/user/.npmrc Completed in 0ms
11 timing config:load:user Completed in 0ms
12 timing config:load:file:/usr/etc/npmrc Completed in 0ms
13 timing config:load:global Completed in 0ms
14 timing config:load:cafile Completed in 1ms
15 timing config:load:validate Completed in 0ms
16 timing config:load:setUserAgent Completed in 0ms
17 timing config:load:setEnvs Completed in 1ms
18 timing config:load Completed in 6ms
19 verbose npm-session 3934fa82d8619ad5
20 timing npm:load Completed in 12ms
21 timing arborist:ctor Completed in 1ms
22 timing command:audit Completed in 7ms
23 verbose stack Error: loadVirtual requires existing shrinkwrap file
23 verbose stack at Arborist.loadVirtual (/usr/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js:57:18)
23 verbose stack at async Arborist.audit (/usr/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/audit.js:23:18)
23 verbose stack at async audit (/usr/lib/node_modules/npm/lib/audit.js:15:3)
24 verbose cwd /home/user/chia-blockchain
25 verbose Linux 5.11.2-1-MANJARO
26 verbose argv "/usr/bin/node" "/usr/bin/npm" "audit" "fix"
27 verbose node v15.10.0
28 verbose npm v7.6.0
29 error code ENOLOCK
30 error audit This command requires an existing lockfile.
31 error audit Try creating one first with: npm i --package-lock-only
32 error audit Original error: loadVirtual requires existing shrinkwrap file
33 verbose exit 1
As suggested I run:
$ npm i --package-lock-only
up to date, audited 1 package in 184ms
found 0 vulnerabilities
And then again:
$ npm audit fix
up to date, audited 1 package in 184ms
found 0 vulnerabilities
But when I retry the installation nothing is fixed and I get the same audit error:
$ sh install-gui.sh
install-gui.sh: line 17: type: apt-get: not found
install-gui.sh: line 21: type: yum: not found
install-gui.sh: line 26: type: yum: not found
Running git submodule update --init --recursive.
Running git submodule update.
up to date, audited 2811 packages in 4s
2 low severity vulnerabilities
To address all issues, run:
npm audit fix
Run `npm audit` for details.
up to date, audited 2811 packages in 5s
# npm audit report
xmldom <0.5.0
Misinterpretation of malicious XML input - https://npmjs.com/advisories/1650
fix available via `npm audit fix`
node_modules/xmldom
plist >=0.3.2
Depends on vulnerable versions of xmldom
node_modules/plist
2 low severity vulnerabilities
To address all issues, run:
npm audit fix
I already tried starting fresh by deleting the whole chia-blockchain folder and cloning from scratch, but I run into the same issue. I’m not familiar with npm, can someone help me? Thank you.
Issue Analytics
- State:
- Created 3 years ago
- Comments:6 (1 by maintainers)
Top GitHub Comments
I am running RC7 on Manjaro and I have the same problem:
The `install-gui.sh` script does not continue after `npm audit fix`.
When running `npm install && npm run locale:extract && npm run local:compile && npm run build` manually I can compile the GUI. Here is some npm info:
Linux Kernel is 5.9.16-1 (stable Manjaro release)
fixed via https://github.com/Chia-Network/chia-blockchain-gui/pull/238
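The following is an added example, not part of the issue thread and not code from the Chia installer or from the linked pull request. It shows one way to gate an install on the severity of audit findings instead of on any finding at all, and to notice when an audit covered far fewer packages than the installer's own run. The names `gateAudit`, `coversFewDependencies` and `sampleReport` are hypothetical, and the sample report is constructed in the shape of npm 7 `npm audit --json` output to mirror the two findings quoted above.

```javascript
// Constructed sample in the shape of `npm audit --json` output from npm 7
// (auditReportVersion 2), mirroring the two findings quoted in the issue.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    xmldom: {
      name: "xmldom", severity: "low", range: "<0.5.0", fixAvailable: true,
      via: [{ title: "Misinterpretation of malicious XML input",
              url: "https://npmjs.com/advisories/1650" }],
      effects: ["plist"], nodes: ["node_modules/xmldom"],
    },
    plist: {
      name: "plist", severity: "low", range: ">=0.3.2", fixAvailable: true,
      via: ["xmldom"], effects: [], nodes: ["node_modules/plist"],
    },
  },
  metadata: { dependencies: { total: 2811 } },
};

const SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"];

// Hypothetical helper: split findings into blocking (at or above `threshold`)
// and tolerated, so low-severity findings do not abort an install.
function gateAudit(report, threshold = "high") {
  const min = SEVERITY_ORDER.indexOf(threshold);
  if (min < 0) throw new Error(`unknown severity threshold: ${threshold}`);
  const blocking = [], tolerated = [];
  for (const v of Object.values(report.vulnerabilities || {})) {
    const via = v.via || [];
    const finding = {
      name: v.name, severity: v.severity, range: v.range,
      // `via` holds advisory objects at the root cause and plain package
      // names where the finding is inherited from a dependency.
      advisories: via.filter((x) => typeof x === "object").map((x) => x.url),
      inheritedFrom: via.filter((x) => typeof x === "string"),
      fixAvailable: Boolean(v.fixAvailable),
    };
    const rank = SEVERITY_ORDER.indexOf(v.severity);
    // An unrecognised severity blocks instead of passing silently.
    (rank < 0 || rank >= min ? blocking : tolerated).push(finding);
  }
  return { ok: blocking.length === 0, blocking, tolerated };
}

// Hypothetical check: a report covering almost no dependencies did not audit
// the tree the installer audits ("audited 1 package" vs. "2811 packages").
function coversFewDependencies(report, minDeps = 10) {
  return (report.metadata?.dependencies?.total ?? 0) < minDeps;
}
```

npm's own `--audit-level` option applies the same kind of threshold to the exit code of `npm audit`.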