Could you please update your package to use the latest version of minimatch
?
The version currently used by jshint
is throwing deprecation warnings:
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
(crickets)
+1
+1
Thanks for the report! There is a pull request available here: gh-2953.
I can see that that many of you want this change; please have patience as
responsibly updating dependencies requires careful review of change logs.
gh-2953 is now merged. I'd like to get a few more bug fixes in for the next
patch release, but this should be available on npm within the week.
Should I be able to get the new version? Built a new PC last evening, can't get cordova working at all. I get this warning (tried updating "npm update -g [email protected]" but that didn't work. I have uninstalled/reinstalled NPM and node. When I try to install cordova, I get the minimatch error, and then a bunch of garbage for the install results. It then will not let me use cordova commands:
PM> npm update -g [email protected]
PM> npm install -g cordova
npm : npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
At line:1 char:1
npm
WARN
package.json
[email protected] No README data
C:\Users\afriedman\AppData\Roaming\npm\cordova -> C:\Users\afriedman\AppData\Roaming\npm\node_modules\cordova\bin\cordova
[email protected] C:\Users\afriedman\AppData\Roaming\npm\node_modules\cordova
Γö£ΓöÇΓöÇ [email protected]
Γö£ΓöÇΓöÇ [email protected]
Γö£ΓöÇΓöÇ [email protected] ([email protected])
Γö£ΓöÇΓöÇ [email protected] ([email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected])
Γö£ΓöÇΓöÇ [email protected] ([email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected])
Γö£ΓöÇΓöÇ [email protected] ([email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected])
ΓööΓöÇΓöÇ [email protected] ([email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected])
PM> cordova create testapp com.test.testapp testapp
cordova : The term 'cordova' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again.
At line:1 char:1
PM>
Trying to get to the bottom of this, hoping maybe this is the cause? I don't honestly think it's a cordova issue, but could be wrong.
@afried101 please refer to my previous comment--this is not yet published to npm.
I am surprised that a warning is causing your build to fail, though. That wasn't my understanding of how deprecation works in npm. Locally, I am still able to install JSHint without error (via npm install jshint
, using Node 6.2.0 and npm 3.8.9
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
what should i do??? any suggestion
I would like to help, but this is not enough information. Besides the message
printed to the terminal, can you please explain the effect this is having on
your work flow? Also please include the version of Node.js and npm you are
using.
Mike, my issue was not NPM/Node/Minimatch. I don't know what it was - the project was on a server - all that changed was a fresh VS15 install... But, I created a new project through the IDE instead of NPM, and I have my cordova command back in npm and all is well. Can't say what fixed it other than "create a new project through the IDE."
Node Built output today - with latest version of repo...
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
try this
tq CarolinaKadix it worked perfectly. no issues till now
Thank you so much CarolinaKadix, you helped me a lot, I use Ubuntu Mate and your tip leaded me to solve this problem.
I just started to take the same errors and my cordova doesn't build anymore even I tried to re-install. I tried the @CarolinaKadix method with my Mac with "sudo" prefix hence, it all went the same till getting the same error with the screenshot below. Any opinion??
Update: I deleted all the "node_modules" files and uninstalled the npm & node 0.o then re-installed them hence still the same issue continues and it says it's a path problem even I fixed permissions issues again with npm.
Having the same exact issue at @erhanyasar
npm install -g [email protected]
@pixelcanvas that hasn't worked either
Yes already mentioned not working the same way 😕
I talked with npm on twitter and they replied it will be updated by today. Anyway today again I uninstalled both "node" and "npm" from both terminal and the folders on "usr/local/lib" & "usr/local/include" and users. Then tried "severe uninstall" incase. And tried to install node and npm again with mini match updated. Then it worked even says the same error once but it loads. @pixelcanvas @landing-eagle hope you try and & succeed the same.
@erhanyasar Actually it worked for me :-)
he installed mini match in directory npm \ npm-modules \ minimatch \ they just need the file transferred direct to match npm\
can you please explain the effect this is having on your work flow?
@jugglinmike the minimatch version in cli has a security issue. If possible please upgrade cli to a current version- that will also upgrade minimatch imho.
We just released JSHint version 2.9.3, which contains an updated version of the "minimatch" library.
I still have this issue after a clean installation. Any recommendations? Thanks in advance.
Hi, @slashkite
Did you clean it, did a fresh install, and updated the minimatch for example?
@CarolinaKadix thanks for the info.
i have minimatch on 3.0.3 and grunt-sync 0.6.2 generally.
When installing sails globally, it takes grunt-sync 0.5.2, which uses minimatch 2.0.10.
├─┬ [email protected]
│ ├─┬ [email protected]
│ │ └── [email protected]
│ ├── [email protected]
│ └── [email protected]
Am I doing something wrong?
It's so weird that I have that warning
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
/usr/local/bin/ng -> /usr/local/lib/node_modules/angular-cli/bin/ng
Even though
➜ ~ npm -v minimatch
4.1.1
/usr/local/lib
├─┬ [email protected]
│ ├── [email protected]
│ ├─┬ [email protected]
│ │ └─┬ [email protected]
│ │ └─┬ [email protected]
│ │ └── [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └── [email protected]
@tkhuynh Do note that npm -v minimatch
will print the version of npm
you have installed.
@KenanY any suggestion to bypass that warning?
I think it's because of the old fileset version
@slashkite any ways to update it?
I even did this before I install angular-cli, I still get that warning
sudo npm install -g [email protected]
/usr/local/lib
└── [email protected]
@tkhuynh Installing minimatch
globally won't help. You gotta get fileset
's dependency on minimatch
updated and then ensure that it gets propagated up the dep tree.
same with me, doesnt fix at all
npm install -g minimatch@latest
Thanks CarolinaKadix it worked perfectly
Most helpful comment
try this