Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent 3793414
commit abdafb0
Showing 1 changed file with 1 addition and 1 deletion.
abdafb0
Can you explain how to achieve this? I'm a low-level developer and didn't understand what this code stands for and what to do with it! Sorry if I waste your time by making you read this comment, in case you find this comment useless.
My error is
```
Low Regular Expression Denial of Service
Package braces
Patched in >=2.3.1
Dependency of browser-sync [dev]
Path browser-sync > micromatch > braces
More info https://npmjs.com/advisories/786
```
abdafb0
@sathish-spidie, you can find out the solution on the link there: https://npmjs.com/advisories/786:
What this means is that in your package.json you should make sure the line for "braces" under "dependencies" says
and then delete your cached npm packages by
and then
If you don't directly depend on "braces", which is the situation I am in, you can use
to figure out which of your packages is depending on "braces", and then go make sure to update each of those packages in the same way: version bump them, make sure to prefix the versions of everything with "^", and then delete your packages and regenerate package-lock.json by redoing `npm install`; that will get the latest, hopefully bugfixed, versions of all your packages; but if any of your packages have not yet updated to use `"braces": "^2.3.1"` then you will have to go to their github projects and file an issue.

A comment on a commit inside the braces project isn't really a proper general support forum for npm. For that, and for future questions, you will probably have good luck asking at https://npm.community/c/support. I hope the above helps and lets you extend your developer skills.
abdafb0
@kousu that was a fantastic description, and a really good summary of the steps that need to be taken. Thank you!
Only one thing I'd like to point out. Generally, https://npm.community/c/support is for NPM support, not for packages like this one. Meaning, if you need something directly related to the package manager itself, that's the place to go. But ideally, when a user has an issue or support question like this, the best place to get answers is to:
abdafb0
Hello, I have the same exact issue that stems from babel.
I was unable to run this line `rm -r node_modules/ package-lock.json` and it makes sense because the package-lock is not inside the node_modules directory.
When I run npm list I can see that instances of 'braces' are at 2.3.2.
Any thoughts on how to fix?
Thanks!
abdafb0
There is a space between `node_modules` and `package-lock.json`. The lock file is not inside the node_modules folder. It's at the same level.
abdafb0
The problem I have here is that the braces package itself is showing
{ "_from": "braces@^1.8.2",
"_id": "braces@1.8.5",
So how to update that would help.
abdafb0
I have the same problem. I am unable to update braces, after reinstall they are still 1.8.5.
abdafb0
@martynawilkonska have you removed your `node_modules` cache and `package-lock.json` file? If not, try that and `npm install` again. If it still does that, my next hunch is that your `braces` is a transitive dependency in your package. Try `npm ls braces` and see which package requires it and maybe you can try and upgrade that parent package which potentially will fix your problem.
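
An added example, not part of the thread or of the braces project, of the check the comments above describe: it walks a lockfileVersion 1 `package-lock.json` and reports every installed copy of braces older than the patched 2.3.1, together with the packages whose `requires` range pulls braces in. The names `auditLock`, `isVulnerable` and the `sampleLock` data are constructed for illustration.

```javascript
// Added example. PATCHED comes from the advisory output quoted in the thread.
const PATCHED = [2, 3, 1];

// Parse "x.y.z" into numbers; any prerelease/build suffix is ignored.
function parseVersion(v) {
  return v.split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10) || 0);
}

// True when the installed version is older than the patched release.
function isVulnerable(version) {
  const v = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    const part = v[i] || 0;
    if (part !== PATCHED[i]) return part < PATCHED[i];
  }
  return false;
}

// Walk nested "dependencies" (lockfileVersion 1): installed copies and requirers.
function auditLock(lock, name = 'braces') {
  const copies = [], requirers = [];
  (function walk(node, path) {
    for (const [dep, info] of Object.entries(node.dependencies || {})) {
      const here = [...path, dep].join(' > ');
      if (dep === name) {
        copies.push({ path: here, version: info.version,
          vulnerable: isVulnerable(info.version) });
      }
      const range = (info.requires || {})[name];
      if (range) requirers.push({ path: here, range });
      walk(info, [...path, dep]);
    }
  })(lock, []);
  return { copies, requirers };
}

// Constructed sample lock file, not taken from a real project.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    braces: { version: '2.3.2' },
    micromatch: { version: '3.1.10', requires: { braces: '^2.3.1' } },
    anymatch: { version: '1.3.2', requires: { micromatch: '^2.1.5' },
      dependencies: {
        micromatch: { version: '2.3.11', requires: { braces: '^1.8.2' } },
        braces: { version: '1.8.5' } } },
  },
};
console.log(JSON.stringify(auditLock(sampleLock), null, 2));
```

Against a real project, pass `require('./package-lock.json')` instead of `sampleLock`; lockfileVersion 3 files keep their entries under `packages` and need a different walk.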