Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Invalid Version: >=5.1.1 #56

Open
createthis opened this issue Mar 9, 2022 · 5 comments
Open

Invalid Version: >=5.1.1 #56

createthis opened this issue Mar 9, 2022 · 5 comments

Comments

@createthis
Copy link

I'm using [email protected] with node v16.14.0 and npm 8.3.1. I'm randomly seeing errors pop up, like:

Invalid Version: >=5.1.1

When this happens, I have no choice but to hunt for that string in my package.json (I always find it in the resolutions section), remove the >=, then perform this sequence to rebuild my package-lock.json:

rm package-lock.json
npm shrinkwrap
mv npm-shrinkwrap.json package-lock.json
npm install

Sometimes even that won't work. In these cases I have to go a step further:

rm -Rf node_modules
npm install

In this case, it was dot-prop's version causing the issue, but I've also had this problem with:

  • lodash
  • mem
  • terser-webpack-plugin
  • ansi-regex
  • postcss

... and others.

This is very time consuming and frustrating, not to mention inefficient, having to restrict the version to a specific version instead of a range of versions.

Here's the full stack trace from /Users/jesse/.npm/_logs/2022-03-09T14_49_52_526Z-debug-0.log:
Screen Shot 2022-03-09 at 9 51 59 AM

This never used to happen with node v14.18.3, npm 8.3.1, and [email protected]. I would continue using [email protected], but it doesn't appear to work with npm@8; my npm audit security vulnerabilities persist when I use 0.0.6 with npm@8.

@createthis
Copy link
Author

@rogeriochaves FYI ^

@LearnerOrLearnerr
Copy link

Facing similar problem with node 16.14 and npm 8.5 with other packages. The installation fails with similar error for axios package:

Invalid version: ^0.26.1

@jithinktom
Copy link

jithinktom commented Jun 17, 2022

I am facing the same issue with node 16.15.1 and npm 8.11.0

44 verbose stack TypeError: Invalid Version: ^6.11.3
44 verbose stack at new SemVer (/Users/jithinktom/.nvm/versions/node/v16.15.1/lib/node_modules/npm/node_modules/semver/classes/semver.js:38:13)
44 verbose stack at compare (/Users/jithinktom/.nvm/versions/node/v16.15.1/lib/node_modules/npm/node_modules/semver/functions/compare.js:3:32)
44 verbose stack at Object.gte (/Users/jithinktom/.nvm/versions/node/v16.15.1/lib/node_modules/npm/node_modules/semver/functions/gte.js:2:30)

@amenella
Copy link

spotted this issue with node v16.15.1 and npm version > 8.5 (8.6, 8.7, 8.8, 8.9, 8.10, 8.11, 8.12)

  "resolutions": {
    "glob-parent": ">=5.1.2"
  },

also tried with ^5.1.2 syntax which is failing too

@amenella
Copy link

just found that since npm 8.3, the official way to handle vulnerabilities of subdependencies with npm is to use the overrides attributes:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants