I'm using Verdaccio as my NPM proxy for a long time. However, recently I realized that the following .npmrc configuration that makes the npm proxy to work:
registry=http://localhost:4873/
also causes the package-lock.json files generated with localhost:4873 entries instead of the original package addresses. For example:
"ms": {
"version": "2.0.0",
- "resolved": "http://localhost:4873/ms/-/ms-2.0.0.tgz",
- "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+ "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
},
The original package address (https://registry.npmjs.org/ms/-/ms-2.0.0.tgz for example) is a crucial data when the application is being installed on another machine.
How can I keep using my npm proxy and still keep the original package addresses in package-lock.json so any other user who doesn't use a local proxy still have a valid package-lock.json?
Related
I am developing a package for a Laravel project on my local machine. I have also spun up a Laravel app so I can manually test the package. My package is located at /home/me/packages/me/my-package and a commit (git) has been tagged with '0.1'.
I want to be able to switch between tagged versions and use specific versions in different projects but having issues.
In my main apps composer file, I am requiring the package like so:
...
"require" : {
"me/my-package" : "0.1"
}
...
"repositories" : [
{
"type": "path",
"url": "/home/me/packages/me/my-package"
}
]
This results in an error:
Problem 1
- Root composer.json requires me/my-package 0.1, found me/my-package[dev-main] but it does not match the constraint.
I have also tried:
"require" : {
"me/my-package" : "dev-main#0.1"
}
(This was an idea taken from How to use a specific tag/version with composer and a private git repository?). This goes through without any errors but:
$ composer show | grep me/my-package
me/my-package dev-main My Package
What is the correct way install a specific version of a package when developing it locally?
Probably the only thing why you hit this message is that you have "type": "path" and not "type": "vcs".
This is that Composer will only refer one version and only one version dev-main. The reason is:
If the package [path repository] is a local VCS repository, the version may be inferred by the branch or tag that is currently checked out. (ref)
You have the main branch checked out at /home/me/packages/me/my-package (/home/me/packages/me/my-package/.git/HEAD content is ref: refs/heads/main and /home/me/packages/me/my-package/.git/refs/heads/main points to the git revision) and composer will only take that one.
You should have no problem to make that change from path to vcs given:
You already have a (git) repository at /home/me/packages/me/my-package (looks so by your question)
You know the absolute path on your local system to that repository (again, looks so by your question: /home/me/packages/me/my-package).
Given these two points, Composer is able to obtain the VCS tagged versions from that path. So basically only the change of the "type":
"repositories" : [
{
"type": "vcs",
"url": "/home/me/packages/me/my-package"
}
]
Just take care that "url" contains the absolute path (and there is a git repository at that place). Likely already all set in your case, just saying.
Git is very prominent that's why I mentioned it here, for other types of VCS Composer also has options at hand. The details - also for git etc. - are available here:
VCS - Repositories (getcomposer.org)
I have a React application with ApolloClient with Apollo-Link-Schema. The application works fine locally but in our staging environment (using GOCD), we get the following error:
Uncaught Error: Cannot use e "__Schema" from another module or realm.
Ensure that there is only one instance of "graphql" in the node_modules
directory. If different versions of "graphql" are the dependencies of other
relied on modules, use "resolutions" to ensure only one version is installed.
https://yarnpkg.com/en/docs/selective-version-resolutions
Duplicate "graphql" modules cannot be used at the same time since different
versions may have different capabilities and behavior. The data from one
version used in the function from another could produce confusing and
spurious results.
at t.a (instanceOf.mjs:21)
at C (definition.mjs:37)
at _ (definition.mjs:22)
at X (definition.mjs:284)
at J (definition.mjs:287)
at new Y (definition.mjs:252)
at Y (definition.mjs:254)
at Object.<anonymous> (introspection.mjs:459)
at u (NominationsApprovals.module.js:80)
at Object.<anonymous> (validate.mjs:1)
Dependencies are installed with yarn, I've added the resolutions field to the package.json.
"resolutions": {
"graphql": "^14.5.8"
},
I've checked the yarn.lock and can only find one reference for the graphql package.
npm ls graphql does not display any duplicates.
I thought maybe its a build issue with webpack - I have a different build script for staging, but running that locally I am still able to get the react application to run with that bundle.
Can anyone suggest anything else to help me fix this?
I managed to find the cause of the issue, if this helps anyone else. The issue is not to do with duplicate instances of the package at all, this is a false positive triggered by us using webpack's DefinePlugin to set the process.env.NODE_ENV to staging for our staging build.
However, in webpack the mode (see https://webpack.js.org/configuration/mode/), which sets the process.env.NODE_ENV, only accepts none, development and production as valid values. This was triggering an env check in the graphql package to fail and trigger this error message.
In our case, we need to differentiate between staging and production as our API endpoint differs based on this, but the solution we implemented is to not rely on the process.env.NODE_ENV, but to assign a custom variable on build (e.g. process.env.API_URL)
I would try to replicate the error locally and debug it:
try this:
rm -rf node_modules yarn.lock
# also remove any lock files if you have package-lock.json too
yarn install
# build the project locally and see if you got the error
I got this problem one time where I was working with Gatsby and 2 different themes where using different versions of GraphQL. Also be more explicit with the version (without caret) and check if the error persist.
do you have a repo youc an share? that would also help us to help you :)
While changing NODE_ENV to production might solve the issue, if you have different variables for each environment and don't want to mess with your metrics this is not an ideal solution.
You said you use webpack. If the build with the issue uses some kind of source-map in your devtool, you might want to disable that to see if the problem persists. That's how I solved this without setting my NODE_ENV to production.
I had a similar problem when trying to run Apollo codegen and was able to fix it by deduping my npm packages. Run this:
rm -rf node_modules && npm i && npm dedupe
I was having this problem so I switched to yarn, and after deleting node_modules and npm lockfile, then running yarn, the problem went away :-).
I ended up here because I use the AWS CDK and the NodejsFunction Construct. I was also using bundling with minify: true.
Toggling minify to false resolved this for me.
On my Phoenix project, I found a peculiar behavior of sass-brunch.
Here are the short descriptions of my problem:
It generates a correct app.css on the priv/static/css directory when the Phoenix server started in dev envrionment.
When I modify one of SCSS files, the app.css gets generated but lacks only the lines from the modified SCSS file. It keeps the lines from the unmodified files.
This problem occurs on Ubuntu 16.04, but not on macOS.
On the log file, I noticed an entry that may be related to this issue:
[debug] Duplicate channel join for topic "phoenix:live_reload" in Phoenix.LiveReloader.Socket. Closing existing channel for new join.
I don't see such a line on my Mac.
My environment:
Ubuntu 16.04 Desktop
Phoenix 1.2.5
Node.js 8.9.1
npm 5.5.1
Brunch 2.10.7
sass-brunch 2.10.4
My package.json:
{
"repository": {},
"license": "MIT",
"scripts": {
"deploy": "brunch build --production",
"watch": "brunch watch --stdin"
},
"dependencies": {
"phoenix": "file:deps/phoenix",
"phoenix_html": "file:deps/phoenix_html"
},
"devDependencies": {
"babel-brunch": "6.0.6",
"brunch": "2.10.7",
"clean-css-brunch": "2.10.0",
"sass-brunch": "^2.10.4",
"uglify-js-brunch": "2.1.1"
}
}
[UPDATE]
I found an interesting fact.
When I edit SCSS files using vim, the app.css gets generated normally.
When I edit them using atom, things do not go well.
I found a workaround to my problem.
Put these lines to the brunch-config.js:
watcher: {
usePolling: true
}
As the documentation of Brunch says, watcher gets slower but can be more reliable by setting true to this option.
The usePolling option is passed to chokidar, whose document says:
usePolling (default: false). Whether to use fs.watchFile (backed by polling), or fs.watch. If polling leads to high CPU utilization, consider setting this to false. It is typically necessary to set this to true to successfully watch files over a network, and it may be necessary to successfully watch files in other non-standard situations.
I am following this tutorial
https://hyperledger.github.io/composer/integrating/deploying-the-rest-server.html
I have done all the steps. But when I run rest-server through github, it prints following stack trace.
Error
404 Cannot GET /auth/github
status: 404
Error: Cannot GET /auth/github
at raiseUrlNotFoundError (/home/praval/.nvm/versions/node/v6.11.1/lib/node_modules/composer-rest-server/node_modules/loopback/server/middleware/url-not-found.js:21:17)
I presume you installed the Github strategy via npm install -g passport-github?
If so did it create a folder /auth/github?
You are required to go to this Folder per documentation: "Authenticate to the REST server by navigating to the value of the authPath property specified in the environment variable COMPOSER_PROVIDERS. In the example above, this is http://localhost:3000/auth/github"
In my case that folder was not created. I read on Github website: https://github.com/cfsghost/passport-github
"The author of Passport-Github has not maintained the original module for a long time. Features in his module don't work since Github upgraded their API to version 3.0. We forked it and re-published it to NPM with a new name passport-github2"
I'm looking for guidance on this.
Before create private api just execute this command in your terminal.
export COMPOSER_PROVIDERS='{
"github": {
"provider": "github",
"module": "passport-github",
"clientID": "<your id>",
"clientSecret": "<your secret>",
"authPath": "/auth/github",
"callbackURL": "/auth/github/callback",
"successRedirect": "http://localhost(domain of angular app):4200(port)/home(page to redirect)",
"failureRedirect": "http://localhost(domain of angular app):4200(port)/login-github(page to redirect)""
}
}'
To check if all is fine - run command
echo $COMPOSER_PROVIDERS
After this you will see your COMPOSER_PROVIDERS value.
And after in github profile app (https://github.com/settings/applications/) you must configure "Homepage URL" (ex. http://APIdomain:3000/) and "Authorization callback URL" (ex. http://APIdomain:3000/auth/github/callback)
I try to install Horde/Imap_Client, as documented here
In an empty directory, I create a composer.json file with the following content
{
"repositories": [
{
"type": "pear",
"url": "http://pear.horde.org"
}
],
"require": {
"pear-pear.horde.org/Horde_Imap_Client": "*"
}
}
I then download the composer executable and run the installation running the 2 following commands
curl -s http://getcomposer.org/installer | php
php composer.phar install
The download and installation process fails, on both Mac OS X and Ubuntu 14.04. The message I get is
Initializing PEAR repository http://pear.horde.org PEAR repository
from http://pear.horde.org could not be loaded. Your configuration
does not allow connection to http://http://pear.horde.org. See
https://getcomposer.org/doc/06-config.md#secure-http for details.
Installing dependencies (including require-dev) Your requirements
could not be resolved to an installable set of packages.
Problem 1
- The requested package pear-pear.horde.org/horde_imap_client could not be found in any version, there may be a typo in the package
name.
Potential causes:
- A typo in the package name
- The package is not available in a stable-enough version according to your minimum-stability setting see
https://getcomposer.org/doc/04-schema.md#minimum-stability for more
details.
Read https://getcomposer.org/doc/articles/troubleshooting.md for
further common problems.
Is the Horde/Imap_Client deprecated or am I doing something wrong?
How much more verbose do you want the error?
Initializing PEAR repository http://pear.horde.org PEAR repository from http://pear.horde.org could not be loaded. Your configuration does not allow connection to http://http://pear.horde.org. See https://getcomposer.org/doc/06-config.md#secure-http for details.
Composer no longer allows installing packages from insecure sources out of the box. Regrettably the Horde PEAR repository does not support HTTPS at this time, so you can't go that way. The other way however is pretty clear in the documentation, just add this to your composer.json file:
"config": {
"secure-http": false
}
So it looks like this:
{
"repositories": [
{
"type": "pear",
"url": "http://pear.horde.org"
}
],
"require": {
"pear-pear.horde.org/Horde_Imap_Client": "*"
},
"config": {
"secure-http": false
}
}
Please do note that this disables all checks for secure communications completely. So you're opening the doors to install random code on your system via DNS poisoning, MitM attacks, you name them. The fundamental solution is to bug the Horde PEAR repository maintainers to add an SSL certificate to their repo.
Horde recently added support for HTTPS, allowing you to use Composer without the 'secure-http'=false flag.
So you can use the repository:
https://pear.horde.org