82

I am working on an angular app with a .net core web api.

When I cloned this repository, I tried to run npm install on the angular application, but I got a strange error:

npm install
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

audited 34090 packages in 14.711s
found 15 vulnerabilities (9 low, 6 high)
  run `npm audit fix` to fix them, or `npm audit` for details

Also, if I try to do npm audit fix, I get even more errors:


npm audit fix
npm ERR! code ELOCKVERIFY
npm ERR! Errors were found in your package-lock.json, run  npm install  to fix them.
npm ERR!     Invalid: lock file's @progress/kendo-theme-default@file:https:/registry.npmjs.org/@progress/kendo-theme-default/-/kendo-theme-default-2.48.1.tgz does not satisfy @progress/kendo-theme-default@file:lib/kendo-theme-default
npm ERR!     Invalid: lock file's bootstrap@file:https:/registry.npmjs.org/bootstrap/-/bootstrap-4.0.0.tgz does not satisfy bootstrap@file:lib/bootstrap

How can I resolve this?

Ayush M.
  • 819
  • 1
  • 6
  • 8

3 Answers3

113

Often times, this is related to package-lock.json messing. I would suggest to try to:

  1. Delete your package-lock.json

  2. Delete your node_modules folder

  3. Try npm install again

This used to fix several issues when adding new packages in my angular apps.

Good luck!

Please note that since then, a lot changed and there are now another option to use ncu to consolidate updates. It could be worth trying before going with this solution.

The alternative solution is described in another response in this thread, please refer to it.

CodeMylife
  • 1,321
  • 1
  • 9
  • 12
  • 2
    Okay, after looking to the error itself, what it says is that it cannot find these packages you are looking for on npm. These seems to be bootstrap and kendo ui themes. I am going to send just an idea, maybe try uninstalling and reinstalling those manually would do the trick. – CodeMylife Oct 31 '18 at 19:07
  • 10
    While in OP's case it's probably fine, this course of action can backfire pretty bad otherwise. Package lock is there for a reason - it makes sure that your dependency structure is consistent between installs. If you delete it, you lose this, and your code might easily misbehave. Also possible that it's not immediately noticeable. If you do this, make sure you have great test coverage at least. – Avius Dec 30 '19 at 10:27
  • I have **TypeError: Cannot read properties of undefined (reading 'NormalModule')** – AnonymousUser Feb 28 '22 at 06:12
  • where is package-lock.json? – Gerry Aug 10 '22 at 01:23
  • @Gerry It il located at the root of the project right under package.json. It will however not be there until you did your first npm install. – CodeMylife Aug 10 '22 at 14:53
  • I ended up completely re-installing node.js from scratch – Gerry Aug 11 '22 at 20:37
70

The best thing I recently learn was install the npm-check-updates. It does everything automatically.

run ncu for list in my case was this:

 $ ncu

 babel-core           ^6.26.0  →  ^6.26.3
 babel-loader          ^7.1.5  →   ^8.0.6
 babel-preset-env      ^1.6.1  →   ^1.7.0
 copy-webpack-plugin   ^4.6.0  →   ^5.0.5
 style-loader         ^0.20.2  →   ^1.0.1
 webpack                4.0.0  →   4.41.2

then run ncu -u to upgrade automatically.

rld
  • 2,603
  • 2
  • 25
  • 39
  • 2
    +1 for npm-check-updates. Also found this article which makes a lot of sense and helped me relax after seeing all of those errors: https://www.voitanos.io/blog/don-t-be-alarmed-by-vulnerabilities-after-running-npm-install/ – Dani Amsalem Jun 20 '21 at 17:09
  • 1
    ncu worked exactly as expected and saved me a headache, thank you very much. – a1pancakes Jan 02 '22 at 16:04
1

I had a similar issue, what ultimately helped me was updating my top-level dependency, which relied on a dependency that had the vulnerability, to the newest version.

msTam
  • 189
  • 1
  • 2
  • 10