Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Support breaking changes in NPM v7

See original GitHub issue

With the release of NPM v7, the output of npm audit --json has changed significantly. Under the hood, audit-ci uses the --json flag.

Support for both NPM v7 and NPM v6 is critical.

For the full list of breaking changes, see below.

Breaking changes

Despite the massive overhaul to the internals of npm, the team has worked tirelessly to ensure that there will be minimal disruptions to most workflows. That said, some breaking changes are necessary to improve the overall developer experience. Breaking changes in npm 7.0.0 include:

Automatically installing peer dependencies (while this feature is something we think is desirable new behavior, it does potentially break certain workflows).

npm uses the package.exports field making it no longer possible to require() npm’s internal modules.

npx has been completely rewritten to use the npm exec command. There are various changes in functionality, most noticeable being a prompt if the module you are trying to run is not yet installed.

The output of npm audit has significantly changed both in the human-readable and --json output styles.

To learn more about the breaking changes in npm 7.0.0 please check out our in-depth post on the npmjs.com blog.

Issue Analytics

State:
Created 3 years ago
Reactions:2
Comments:8 (4 by maintainers)

Top GitHub Comments

1reaction

srickscommented, May 11, 2021

Hi, thanks very much for this package! 😁

I see that you’ve released a new version 8 days ago to support npm7, but I’m having issues:

$ npm exec audit-ci -p npm
audit-ci version: 4.0.0
NPM audit report results:
{
  "advisories": {},
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 80,
      "high": 0,
      "critical": 0,
      "total": 80
    },
    "dependencies": {
      "prod": 2127,
      "dev": 31,
      "optional": 31,
      "peer": 0,
      "peerOptional": 0,
      "total": 2188
    }
  }
}
Cannot create property 'paths' on string 'postcss'
Exiting...

$ node -v
v14.16.0
$ npm -v
7.12.1

Any thoughts? Downgrading to npm 6 makes everything work as expected.

0reactions

srickscommented, Oct 12, 2021

@quinnturner Thanks, although I don’t have a reproduction case now. If I run into the issue again, I will file a new issue!