npmjs.org tells me that left-pad is not available (404 page) #4
Comments
according to https://registry.npmjs.org/left-pad
It's causing Babel to fail installation |
@tonytamps thanks for pointing this out. @azer why? This will break Babel-based builds on Travis... |
I'm having the same issue. |
Yep, I'm having the same problem. |
Seems like https://www.npmjs.com/package/left-pad is up again, but no versions published. |
@tonytamps it seems like the registry has updated weirdly
|
Yeah I published a 1.0.0 to try to resolve the dependency. It looks like someone (not me) completely removed left-pad from the npm registry |
Is there a way to get all the old versions back again? In my project it's at the end of a fairly long dependency chain... |
@azer would know better why it was unpublished (assuming he was the one to unpublish it) |
@camwest The package |
Just tried replacing the travis version of npm, which is fairly old, by the latest to see what it will do
It will now tell me that there is a version 0.0.9... weird. Will not try to install that one, though, with all the malware going around... |
+1 same issue here. |
@RongxinZhang try and use the new GitHub reactions instead of the old +1 :) |
+1 same issue |
@jmcriffey I can't publish 0.0.3 because it's already been published and removed. NPM forbids publishing a version of the same library twice. See npm/npm-registry-couchapp#148 for context |
@lydell is there a way to make line-numbers work again, perhaps an alternate package or by depending on left-pad@1.0.0 instead? |
+1... this is messing things up for a lot of ppl. |
This pull request needs to be merged and line-numbers needs to be republished |
+1 Also broke my stuff |
Same |
Same - broke my build |
This kind of just broke the internet. |
It broked our build. Halp pl0x. Demo video for investors needs deploy soon. :-) |
My build wants version 0.0.3 back or else it's going to hold me hostage. npm reports the only valid install target is 0.0.9 |
was about to deploy after weeks of work (to demonstrate to the client) and bam - this issue. |
Time to update your password / credentials? |
List of number of packages depending on those unpublished by @azer: https://gist.github.com/tlrobinson/05d2354a71f5491d2f5a |
@aduth so you're happy to use someone's code that they shared with the world for free, and you feel that your investment of $0 entitles you to some standard of service? |
@davidmason Oh here we go again. Thanks a bunch. |
If anyone is confused about @davidmason's comment, it was in reference to a now-deleted reply. Anyone who has email notifications turned on in this thread probably has a copy in their inbox. |
Open source should not be oppressed. Though it cost others time, you have the reason to do that. |
@davidmason the suck it up, you didn't earn it, move on mentality contributes negatively to the validity and trustworthiness of the OSS community. |
@joeandaverde the "you made it, you have to support the way I use it" mentality contributes negatively to the experience of being a part of the OSS community. |
Safe harbor just means that NPM is safe (somewhat) from prosecution even if someone hosts copyrighted works on NPM. It doesn't mean they don't have to act on behalf of trademark / copyright owners. |
@jacksonrayhamilton thanks for the script; I made a tweak to output the full install path for any of @azer's packages found in a project:

```bash
#!/usr/bin/env bash
# Download the list of package names, turn each name into the pattern
# "/name$", then keep only the `npm ls` install paths that end in one of them.
curl https://gist.githubusercontent.com/azer/db27417ee84b5f34a6ea/raw/50ab7ef26dbde2d4ea52318a3590af78b2a21162/gistfile1.txt \
| sed 's/^\(.*\)$/\/\1$/' \
> ~/suspicious-packages.txt \
&& npm ls --parseable \
| grep -f ~/suspicious-packages.txt
```

This gave me the output:

```
/Users/jackwanders/some-project/node_modules/babel/node_modules/babel-core/node_modules/line-numbers/node_modules/left-pad
```

Hopefully this might help others determine how to proceed if they are relying on any of these packages. |
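
Added example, not part of the thread: where the script above prints matching install paths, this JavaScript sketch turns each `npm ls --parseable` path into the dependency chain that pulled the package in, comparing exact package names rather than patterns. The function names, the sample paths and the `left-pad-cli` decoy are constructed for illustration.

```javascript
// Added example (not from the thread). Sample paths below are constructed.

// Turn one `npm ls --parseable` path into the chain of package names,
// outermost dependency first. Handles scoped names such as @scope/pkg.
function dependencyChain(installPath) {
  const parts = installPath.split('/');
  const chain = [];
  for (let i = 0; i < parts.length - 1; i++) {
    if (parts[i] !== 'node_modules') continue;
    let name = parts[i + 1];
    if (name.startsWith('@') && parts[i + 2] !== undefined) {
      name += '/' + parts[i + 2];
    }
    chain.push(name);
  }
  return chain;
}

// Report every installed copy of a listed package together with its chain.
// Matching is on the exact package name, so the constructed "left-pad-cli"
// is not mistaken for "left-pad".
function findAffected(parseableOutput, unpublishedNames) {
  const wanted = new Set(unpublishedNames);
  const hits = [];
  for (const line of parseableOutput.split('\n')) {
    const installPath = line.trim();
    if (!installPath) continue;
    const chain = dependencyChain(installPath);
    if (chain.length > 0 && wanted.has(chain[chain.length - 1])) {
      hits.push({ name: chain[chain.length - 1], chain, installPath });
    }
  }
  return hits;
}

// Constructed sample of `npm ls --parseable` output.
const sampleLs = [
  '/home/dev/app',
  '/home/dev/app/node_modules/babel',
  '/home/dev/app/node_modules/babel/node_modules/babel-core/node_modules/line-numbers/node_modules/left-pad',
  '/home/dev/app/node_modules/left-pad-cli',
  '/home/dev/app/node_modules/left-pad',
].join('\n');

for (const hit of findAffected(sampleLs, ['left-pad'])) {
  console.log(hit.chain.join(' > '));
}
```

With a flattened `node_modules` layout the install path no longer shows the parent package, so the chain for such a copy has a single entry.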
Surely Kik could have just spent 5 seconds to realise that the NPM package had nothing to do with anything related to them. Solid effort on notifying a bunch of people as to what happened though. Like others have said, his code can do what he wants with it, it's open source if you wish to republish then do so, rather than complain. |
Our build job caught that |
This is a great example of why decentralizing the package hosting can solve the problem. If package hosting were done via a technology such as zeronet and torrents, this could be entirely avoided. I'll be looking into this in the coming months. |
@azer transfer the module to me please 😄 since I'm the only other author of the module 😀 |
@stevemao is the new owner of the module, not sure how he can take the npm ownership. |
Thanks @azer 👍 |
Thanks @azer, you did the right thing, which makes us understand how dangerous npm is to us, open source developers. You gave a perfect warning to the whole world, telling us not to trust the bullshit npm any more. To be honest, great work! |
@KoryNunn @SomeoneWeird @zerkms @drewhamlett If you run npm as root, it'll |
@isaacs that is really good. There are however many other malicious things that can be done without sudo, like grabbing private keys. |
I don't wanna imagine what happens when tomorrow someone trademarks Lodash and wreaks havoc. 💥 Maybe it's time to add an exclusion clause to Open Source licenses for companies like Kik? BTW: Ask one of 80 million Germans about Kik and they'll recognize a completely different company. |
@f thank you for your understanding and your support, Fatih :) |
This is why Docker exists. Because dependency management is trouble. Pack it all into one package. Do we need a Docker for JS? |
1.1.0 is released :) |
When building projects on travis, or when searching for left-pad on npmjs.com, both will report that the package cannot be found.
Here is an excerpt from the travis build log
And here is the standard npmjs.com error page https://www.npmjs.com/package/left-pad
However, if I remove left-pad from my local npm cache and then reinstall it using npm it will happily install left-pad@0.0.4.