Create-react-app: [email protected] is missing dependency [email protected] on npm and yarn registry
This was a temporary npm registry glitch. It should be fixed now.
Is this a bug report?
Yes
Did you try recovering your dependencies?
Yes
Environment
Environment:
OS: Windows 10
Node: 8.11.0
Yarn: 1.9.4
npm: 5.6.0
Watchman: Not Found
Xcode: N/A
Android Studio: Not Found
Packages: (wanted => installed)
react: ^16.4.1 => 16.4.2
react-dom: ^16.4.1 => 16.4.2
react-scripts: 1.1.4 => 1.1.4
Steps to Reproduce
Run yarn install (or npm install)
Or
Start a web browser
Try to download the package tarball (e.g. https://registry.yarnpkg.com/react-dev-utils/-/react-dev-utils-5.0.1.tgz)
Expected Behavior
[email protected] can be resolved
Actual Behavior
[email protected] cannot be resolved
HTTP error 404 is returned.
Note that this is a critical issue for everyone trying to use tools with a dependency on react-scripts 1.1.4 or use react-scripts 1.1.4 to prepare a React app for production (we can't do this atm)
mindcrash
All 25 comments
react-dev-utils@next also fails. I could not proceed with my development work. I am blocked.
react-dev-utils@https://registry.npmjs.org/react-dev-utils/-/react-dev-utils-6.0.0-next.a671462c.tgz
prashanth9962
on 30 Aug 2018
Also running into this issue.
sebastianplsim
on 30 Aug 2018
That issue is ongoing for every version, the URL is malformed
https://registry.npmjs.org/react-dev-utils/-/react-dev-utils-6.0.0-next.a671462c.tgz
will return a 404, whereas
https://registry.npmjs.org/react-dev-utils/react-dev-utils-6.0.0-next.a671462c.tgz
will download the package
alessandrocentanni
on 30 Aug 2018
Had the same issue but for https://registry.yarnpkg.com/react-dev-utils/-/react-dev-utils-5.0.1.tgz
To fix it we updated to https://registry.yarnpkg.com/react-dev-utils/react-dev-utils-5.0.1.tgz in the yarn.lock
stam
on 30 Aug 2018
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
Running yarn update worked for me - but with a newer project with fewer dependencies.
sebastianplsim
on 30 Aug 2018
yarn upgrade worked for me, if you don't want to upgrade all your dependencies the relevant change in the lockfile for me was:
react-dev-utils@^5.0.1:
- resolved "https://registry.yarnpkg.com/react-dev-utils/-/react-dev-utils-5.0.1.tgz#1f396e161fe44b595db1b186a40067289bf06613"
+ resolved "https://registry.yarnpkg.com/react-dev-utils/-/react-dev-utils-5.0.2.tgz#7bb68d2c4f6ffe7ed1184c5b0124fcad692774d2"
jonnyelliot
on 30 Aug 2018
There was a security vulnerability in [email protected] which was patched in 5.0.2 and other patches for every major release.
What Happened
We fixed it and reported it to npm but to be honest I didn't expect this to result in the package being taken down. I expected that people would see a report when running npm audit with actionable suggestions for how to fix the dependency.
Here's how to fix this.
How to Fix If You Didn't Eject
If you have not ejected you should be able to fix this by:
- Noting which version of
react-scriptsyou have inpackage.json - Removing the package
- npm users:
npm uninstall react-scripts - yarn users:
yarn remove react-scripts
- npm users:
- Re-adding the same version
- npm users:
npm install react-scripts@YOUR_VERSION - yarn users:
yarn add react-scripts@YOUR_VERSION
- npm users:
How to Fix If You Ejected
If you ejected you should be able to fix this by:
- Changing
react-dev-utilsversion inpackage.jsonto the latest depending on your major:
- Re-running your package manager's
installcommand
Sorry about the disruption.
Why Did Packages Disappear?
I'm following up with npm to understand what happened. I don't know.
gaearon
on 30 Aug 2018
It seems like react-dev-utils is Not Found again on NPM
laspinacristian
on 30 Aug 2018
@CristianCT46 Did you follow my instructions above?
gaearon
on 30 Aug 2018
https://registry.npmjs.org/react-dev-utils/-/react-dev-utils-5.0.2.tgz is throwing a 404 in India, working in US.
adityakakarot
on 30 Aug 2018
Works for me in UK. I鈥檓 sorry, I can鈥檛 help with this. Something must have gone wrong on the npm side.
gaearon
on 30 Aug 2018
The link works in France as well.
phacks
on 30 Aug 2018
v5.0.2 is working for me on the UK too. However, older versions of react-dev-utils are 404'ing (i.e. v4.2.1), see https://github.com/facebook/create-react-app/issues/4941.
NPM just underwent a DNS migration/rollback so this may be the fall-out of that, but they are claiming systems are operational again. https://status.npmjs.org/
jtart
on 30 Aug 2018
I can confirm that in Italy I receive
{
"error": "Not found"
}
when trying https://registry.npmjs.org/react-dev-utils/-/react-dev-utils-5.0.2.tgz
laspinacristian
on 30 Aug 2018
@CristianCT46 Use a VPN to change your location to either UK or US, then make the request.
adityakakarot
on 30 Aug 2018
Well, I鈥檓 truly sorry that my actions triggered this. I wanted to do what鈥檚 best for the users and make the vulnerability clearly visible. If I knew the old versions would get unpublished I wouldn鈥檛 do this. Looking forward to a clarification from npm so that I know the process better going forward (and hopefully it can be better documented).
gaearon
on 30 Aug 2018
Thanks for looking into it @gaearon, it seems the latest version of every major version exists, but not older versions. i.e. 4.2.2 exists, but not 4.2.1; 5.0.2 exists, but not 5.0.1.
jtart
on 30 Aug 2018
Yeah. That鈥檚 expected based on which versions were vulnerable. Except that I didn鈥檛 expect them to get taken down...
gaearon
on 30 Aug 2018
Getting a clarification that the takedown was not related to the vulnerability, or at least not intentional. npm is looking into this. Sorry again for the churn and I hope we can fix this quickly.
gaearon
on 30 Aug 2018
FYI we never went through with the DNS migration, there was an issue in the checklist so I never hit any switches, any issues re. 404s of packages are an unrelated bug. :smile:
1stvamp
on 30 Aug 2018
Unable to find the 4.2.2 version
~/work馃彲 npm install [email protected]
npm WARN gatsby-starter-hello-world@ No repository field.
npm ERR! code E404
npm ERR! 404 Not Found: [email protected]
npm ERR! A complete log of this run can be found in:
Jaikant
on 30 Aug 2018
The problem should be resolved now.
https://mobile.twitter.com/adam_baldwin/status/1035155826883751936
Can somebody still experience it? Where are you located?
gaearon
on 30 Aug 2018
@gaearon Yes resolved now! Thanks so much 馃挴
Jaikant
on 30 Aug 2018
@gaearon it works
maxkordiyak
on 30 Aug 2018
Yayyy
gaearon
on 30 Aug 2018
Related issues
DaveLindberg
路
3Comments
alleroux
路
3Comments
onelson
路
3Comments
jnachtigall
路
3Comments
ap13p
路
3Comments
Most helpful comment
There was a security vulnerability in
[email protected]which was patched in5.0.2and other patches for every major release.What Happened
We fixed it and reported it to npm but to be honest I didn't expect this to result in the package being taken down. I expected that people would see a report when running
npm auditwith actionable suggestions for how to fix the dependency.Here's how to fix this.
How to Fix If You Didn't Eject
If you have not ejected you should be able to fix this by:
react-scriptsyou have inpackage.jsonnpm uninstall react-scriptsyarn remove react-scriptsnpm install react-scripts@YOUR_VERSIONyarn add react-scripts@YOUR_VERSIONHow to Fix If You Ejected
If you ejected you should be able to fix this by:
react-dev-utilsversion inpackage.jsonto the latest depending on your major:[email protected][email protected][email protected][email protected][email protected][email protected]installcommandSorry about the disruption.
Why Did Packages Disappear?
I'm following up with npm to understand what happened. I don't know.