Jshint: Update minimatch version

Created on 18 Jun 2016 · 37Comments · Source: jshint/jshint

Could you please update your package to use the latest version of minimatch?
The version currently used by jshint is throwing deprecation warnings:

npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

Source

adamreisnz

👍21

Most helpful comment

try this
6a65a5fc-4b0a-11e6-88f6-a8b4dfcaa3a1

CarolinaKadix on 21 Jul 2016

👍29 ❤4

All 37 comments

(crickets)

SOSANA on 22 Jun 2016

🎉4

scottjason on 22 Jun 2016

biancama on 22 Jun 2016

Thanks for the report! There is a pull request available here: gh-2953.

I can see that that many of you want this change; please have patience as
responsibly updating dependencies requires careful review of change logs.

jugglinmike on 22 Jun 2016

👍5

gh-2953 is now merged. I'd like to get a few more bug fixes in for the next
patch release, but this should be available on npm within the week.

jugglinmike on 25 Jun 2016

🎉3 👍2

Should I be able to get the new version? Built a new PC last evening, can't get cordova working at all. I get this warning (tried updating "npm update -g [email protected]" but that didn't work. I have uninstalled/reinstalled NPM and node. When I try to install cordova, I get the minimatch error, and then a bunch of garbage for the install results. It then will not let me use cordova commands:

PM> npm update -g [email protected]
PM> npm install -g cordova
npm : npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
At line:1 char:1

npm install -g cordova
~~~~~~
- CategoryInfo : NotSpecified: (npm WARN deprec...egExp DoS issue:String) [], RemoteException
- FullyQualifiedErrorId : NativeCommandError

npm
WARN

package.json
[email protected] No README data

PM> cordova create testapp com.test.testapp testapp
cordova : The term 'cordova' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again.
At line:1 char:1

cordova create testapp com.test.testapp testapp
~~~
- CategoryInfo : ObjectNotFound: (cordova:String) [], CommandNotFoundException
- FullyQualifiedErrorId : CommandNotFoundException

PM>

Trying to get to the bottom of this, hoping maybe this is the cause? I don't honestly think it's a cordova issue, but could be wrong.

afried101 on 28 Jun 2016

@afried101 please refer to my previous comment--this is not yet published to npm.

I am surprised that a warning is causing your build to fail, though. That wasn't my understanding of how deprecation works in npm. Locally, I am still able to install JSHint without error (via npm install jshint, using Node 6.2.0 and npm 3.8.9

jugglinmike on 29 Jun 2016

npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

what should i do??? any suggestion

razn12 on 30 Jun 2016

I would like to help, but this is not enough information. Besides the message
printed to the terminal, can you please explain the effect this is having on
your work flow? Also please include the version of Node.js and npm you are
using.

jugglinmike on 30 Jun 2016

Mike, my issue was not NPM/Node/Minimatch. I don't know what it was - the project was on a server - all that changed was a fresh VS15 install... But, I created a new project through the IDE instead of NPM, and I have my cordova command back in npm and all is well. Can't say what fixed it other than "create a new project through the IDE."

afried101 on 1 Jul 2016

show next link
https://github.com/ashleygwilliams/npm-sandbox/tree/master/npm3/example1

francoaban on 13 Jul 2016

Node Built output today - with latest version of repo...

npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

codeuniquely on 15 Jul 2016

try this
6a65a5fc-4b0a-11e6-88f6-a8b4dfcaa3a1

CarolinaKadix on 21 Jul 2016

👍29 ❤4

tq CarolinaKadix it worked perfectly. no issues till now

ramsaikumar on 25 Jul 2016

Thank you so much CarolinaKadix, you helped me a lot, I use Ubuntu Mate and your tip leaded me to solve this problem.

caiodev on 2 Aug 2016

👍1

I just started to take the same errors and my cordova doesn't build anymore even I tried to re-install. I tried the @CarolinaKadix method with my Mac with "sudo" prefix hence, it all went the same till getting the same error with the screenshot below. Any opinion??

Update: I deleted all the "node_modules" files and uninstalled the npm & node 0.o then re-installed them hence still the same issue continues and it says it's a path problem even I fixed permissions issues again with npm.

screen shot 2016-08-11 at 14 46 57

erhanyasar on 11 Aug 2016

😕4

Having the same exact issue at @erhanyasar

adh148 on 11 Aug 2016

npm install -g [email protected]

pixelcanvas on 11 Aug 2016

@pixelcanvas that hasn't worked either

adh148 on 11 Aug 2016

Yes already mentioned not working the same way 😕

erhanyasar on 11 Aug 2016

I talked with npm on twitter and they replied it will be updated by today. Anyway today again I uninstalled both "node" and "npm" from both terminal and the folders on "usr/local/lib" & "usr/local/include" and users. Then tried "severe uninstall" incase. And tried to install node and npm again with mini match updated. Then it worked even says the same error once but it loads. @pixelcanvas @landing-eagle hope you try and & succeed the same.

erhanyasar on 12 Aug 2016

@erhanyasar Actually it worked for me :-)

pixelcanvas on 12 Aug 2016

he installed mini match in directory npm \ npm-modules \ minimatch \ they just need the file transferred direct to match npm\

NormanID on 13 Aug 2016

can you please explain the effect this is having on your work flow?

@jugglinmike the minimatch version in cli has a security issue. If possible please upgrade cli to a current version- that will also upgrade minimatch imho.

andig on 13 Aug 2016

We just released JSHint version 2.9.3, which contains an updated version of the "minimatch" library.

jugglinmike on 18 Aug 2016

🎉2

I still have this issue after a clean installation. Any recommendations? Thanks in advance.

slashkite on 22 Dec 2016

Hi, @slashkite
Did you clean it, did a fresh install, and updated the minimatch for example?

CarolinaKadix on 22 Dec 2016

@CarolinaKadix thanks for the info.

i have minimatch on 3.0.3 and grunt-sync 0.6.2 generally.

When installing sails globally, it takes grunt-sync 0.5.2, which uses minimatch 2.0.10.

├─┬ [email protected]
│ ├─┬ [email protected]
│ │ └── [email protected]
│ ├── [email protected]
│ └── [email protected]

Am I doing something wrong?

slashkite on 22 Dec 2016

It's so weird that I have that warning
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue /usr/local/bin/ng -> /usr/local/lib/node_modules/angular-cli/bin/ng
Even though
➜ ~ npm -v minimatch
4.1.1

/usr/local/lib
├─┬ [email protected]
│ ├── [email protected] 
│ ├─┬ [email protected]
│ │ └─┬ [email protected]
│ │   └─┬ [email protected]
│ │     └── [email protected] 
│ └─┬ [email protected]
│   └─┬ [email protected]
│     └─┬ [email protected]
│       └─┬ [email protected]
│         └─┬ [email protected]
│           └─┬ [email protected]
│             └── [email protected]

tkhuynh on 13 Jan 2017

@tkhuynh Do note that npm -v minimatch will print the version of npm you have installed.

KenanY on 13 Jan 2017

👍1

@KenanY any suggestion to bypass that warning?

tkhuynh on 13 Jan 2017

I think it's because of the old fileset version

slashkite on 13 Jan 2017

@slashkite any ways to update it?
I even did this before I install angular-cli, I still get that warning

sudo npm install -g [email protected]
/usr/local/lib
└── [email protected]

tkhuynh on 13 Jan 2017

@tkhuynh Installing minimatch globally won't help. You gotta get fileset's dependency on minimatch updated and then ensure that it gets propagated up the dep tree.

KenanY on 13 Jan 2017

same with me, doesnt fix at all