The dependency hell - npm vulnerability in `tar`

Jan

Full Stack Engineer in Hamburg, Germany

More posts by Jan.

Jan

21 Aug 2019 • 1 min read •

Sometimes it really hurts to work with dependencies which are loaded by other dependencies. One of this time-consuming tasks can be to fix npm audits.

Before you break the internet and start to run in your personal nightmare of dependencies. https://www.npmjs.com/package/npm-force-resolutions is your solution. Please read the description of the npm package, before using.

npm i npm-force-resolutions

Add the version in your package.json, like for example:

"resolutions": {
    "braces": ">=2.3.2",
    "tar": ">=4.4.8"
}

Now remove the node_modules directory, start to force the defined version(s) and install.

rm -r node_modules npx npm-force-resolutions npm install

Sometimes its stucks, so execute the command step by step.

rm -r node_modules
npx npm-force-resolutions
npm install

To confirm the right version:

npm ls {braces,tar}

Start your project and take a coffee. Now you can relax again.

The dependency hell - npm vulnerability in `tar`

Jan

Jan

Create your first Vue.js application

NPM WARN npm does not support Node.js v.10.15.2

NPM & NPM CI - optimizing the CI

Start developing with Firebase and the Spark-Plan

Create your first Vue.js application

Subscribe to devjalo

Subscribe to devjalo