Create-react-native-app: Can't create a new app

Created on 6 Jan 2018 · 19Comments · Source: expo/create-react-native-app

Description

I'm running commands like create-react-native-app foo, but they're failing. They've worked in the past with the same setup (same versions of node, yarn, OS, same network, etc.) - I think it may be an issue with a package that create-react-native-app depends on (duplexer3) being removed from the npm registry?

Expected Behavior

I expected a new react native app skeleton to be created.

Observed Behavior

create-react-native-app foo failed with output:

Creating a new React Native app in /Users/yashapodeswa/projects/foo.

Using package manager as yarnpkg with yarn interface.
Installing packages. This might take a couple minutes.
Installing react-native-scripts...

yarn add v1.3.2
info No lockfile found.
[1/4] 🔍  Resolving packages...
warning react-native-scripts > xdl > auth0-js > xtend > [email protected]:
error Received malformed response from registry for "duplexer3". The registry may be down.
info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.
Error: Received malformed response from registry for "timed-out". The registry may be down.
    at /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:48907:15
    at Generator.next (<anonymous>)
    at step (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:92:30)
    at /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:110:14
    at new Promise (<anonymous>)
    at new F (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:29389:28)
    at /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:89:12
    at Function.findVersionInRegistryResponse (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:48946:7)
    at /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:48963:28
    at Generator.next (<anonymous>)
Error: Received malformed response from registry for "timed-out". The registry may be down.
    at /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:48907:15
    at Generator.next (<anonymous>)
    at step (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:92:30)
    at /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:110:14
    at new Promise (<anonymous>)
    at new F (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:29389:28)
    at /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:89:12
    at Function.findVersionInRegistryResponse (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:48946:7)
    at /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:48963:28
    at Generator.next (<anonymous>)
`yarnpkg add --dev --exact --ignore-optional react-native-scripts` failed

Environment

Please run these commands in the project folder and fill in their results:

npm ls react-native-scripts: n/a
npm ls react-native: n/a
npm ls expo: n/a
node -v: 8.9.4
npm -v: 5.6.0
yarn --version: 1.3.2
watchman version: 4.9.0

Also specify:

Operating system: macOS Sierra (version 10.12.6)
Phone/emulator/simulator & version: n/a

Reproducible Demo

Run create-react-native-app <anything>

Source

yashap

All 19 comments

Same issue here.

It's seems to be an issue with the npm registry.

The https://www.npmjs.com/package/duplexer3 page was temporarily 404. It's back up now but something else is apparently not working right.

theduke on 6 Jan 2018

Yeah, I'm now getting a slightly different error:

error Received malformed response from registry for "timed-out". The registry may be down.

Looking at NpmResolver.findVersionInRegistryResponse(config, range, body, request) in /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js, it's getting a response body of:

{
  name: 'timed-out',
  versions: {},
  modified: '2018-01-06T18:36:24.279Z'
}

The request object being passed into findVersionInRegistryResponse is pretty huge, I pasted it here: https://pastebin.com/4kKFmjWv

yashap on 6 Jan 2018

Same issue here.

adesugbaa on 6 Jan 2018

I think that same problem here:

470 http fetch GET 304 https://registry.npmjs.org/duplexer3 96ms (from cache)
471 silly pacote range manifest for duplexer3@^0.1.4 fetched in 97ms
472 silly resolveWithNewModule [email protected] checking installable status
473 http fetch GET 304 https://registry.npmjs.org/lowercase-keys 101ms (from cache)
474 http fetch GET 304 https://registry.npmjs.org/is-retry-allowed 101ms (from cache)
475 http fetch GET 304 https://registry.npmjs.org/is-redirect 102ms (from cache)
476 http fetch GET 304 https://registry.npmjs.org/unzip-response 102ms (from cache)
477 http fetch GET 304 https://registry.npmjs.org/safe-buffer 102ms (from cache)
478 http fetch GET 304 https://registry.npmjs.org/is-stream 102ms (from cache)
479 http fetch GET 304 https://registry.npmjs.org/timed-out 102ms (from cache)
480 http fetch GET 304 https://registry.npmjs.org/get-stream 103ms (from cache)
481 silly fetchPackageMetaData error for timed-out@^4.0.0 No valid versions available for timed-out
482 http fetch GET 304 https://registry.npmjs.org/create-error-class 107ms (from cache)
483 silly pacote range manifest for lowercase-keys@^1.0.0 fetched in 106ms
484 silly resolveWithNewModule [email protected] checking installable status
485 silly pacote range manifest for is-retry-allowed@^1.0.0 fetched in 108ms
486 silly resolveWithNewModule [email protected] checking installable status
487 silly pacote range manifest for is-redirect@^1.0.0 fetched in 109ms
488 silly resolveWithNewModule [email protected] checking installable status
489 silly pacote range manifest for unzip-response@^2.0.1 fetched in 108ms
490 silly resolveWithNewModule [email protected] checking installable status
491 silly pacote range manifest for is-stream@^1.0.0 fetched in 109ms
492 silly resolveWithNewModule [email protected] checking installable status
493 silly pacote range manifest for safe-buffer@^5.0.1 fetched in 109ms
494 silly resolveWithNewModule [email protected] checking installable status
495 silly pacote range manifest for get-stream@^3.0.0 fetched in 111ms
496 silly resolveWithNewModule [email protected] checking installable status
497 silly pacote range manifest for create-error-class@^3.0.0 fetched in 111ms
498 silly resolveWithNewModule [email protected] checking installable status
499 http fetch GET 304 https://registry.npmjs.org/url-parse-lax 63ms (from cache)
500 silly pacote range manifest for url-parse-lax@^1.0.0 fetched in 64ms
501 silly resolveWithNewModule [email protected] checking installable status
502 verbose type range
503 verbose stack timed-out: No valid versions available for timed-out
503 verbose stack     at pickManifest (/usr/lib/node_modules/npm/node_modules/pacote/node_modules/npm-pick-manifest/index.js:19:11)
503 verbose stack     at fetchPackument.then.packument (/usr/lib/node_modules/npm/node_modules/pacote/lib/fetchers/registry/manifest.js:39:14)
503 verbose stack     at tryCatcher (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/util.js:16:23)
503 verbose stack     at Promise._settlePromiseFromHandler (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:512:31)
503 verbose stack     at Promise._settlePromise (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:569:18)
503 verbose stack     at Promise._settlePromise0 (/usr/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:614:10)

hazzo on 6 Jan 2018

Issue is acknowledged was acknowledged by npm and is being worked on.

https://status.npmjs.org/incidents/41zfb8qpvrdj

This could take a while to resolve though, so go and enjoy your saturday.

theduke on 6 Jan 2018

❤1

@theduke 👏

adesugbaa on 6 Jan 2018

Sweet, good find @theduke . I'm going to close this issue as it seems to be a temporary npm issue, not a create react native app issue.

yashap on 6 Jan 2018

More infos here: https://github.com/npm/registry/issues/255

theduke on 6 Jan 2018

❤1

I just wanted to start creating RN app for my project and this happened. Killed my excited mood, I hope it will be fixed soon! :+1:

jelenajjo on 6 Jan 2018

Seems to be working now...

adesugbaa on 6 Jan 2018

It works now :+1:

jelenajjo on 6 Jan 2018

👍1

good to know @jelenajjo

shtefcs on 6 Jan 2018

If you’re the cautious type, you may want to avoid doing anything that installs npm packages for the next 24hrs or so. npm lacks some pretty basic security features that you’d expect from a package manager of its size, after all these packages got wiped it may have been possible for people to replace them with imposter packages that install malware.

yashap on 7 Jan 2018

👍1

Looks like there may have been at least one package hijacked: https://github.com/npm/registry/issues/256

I definitely think the safe move is to not install any npm packages for a little while (so no create-react-native-app, create-react-app, npm install, yarn install, etc.). If you’ve already done that, worth keeping an eye on npm news for the next few days/weeks, seeing if any malware snuck in, and if so what you can do to mitigate it.

yashap on 7 Jan 2018

👍1

Thanks for informing us about that @yashap .

@jelenajjo

shtefcs on 7 Jan 2018

Np @shtefcs . Note that there’s certainly no confirmation of malware sneaking in while the packages were deleted, everything may be fine, but if you’re cautious with this stuff, it’s probably a good time to avoid npm installs for a day or so.

yashap on 7 Jan 2018

@yashap @shtefcs I had no intention of "hijacking" pinkie. See my comment on https://github.com/floatdrop/pinkie/issues/18.

puradox on 9 Jan 2018

👍1

Sorry @puradox , didn't mean to say that you'd put anything malicious in there. Was just using pinkie as evidence of "it may be temporarily possible for some commonly used packages to be re-published by not-the-original-author", and if that was indeed the case, npm installs of seemingly trusted packages could do some really nasty stuff to your system, so the cautious approach would be to wait a bit before installing any npm packages.

yashap on 9 Jan 2018

👍1

@theduke , I started with react-native yesterday and am experiencing same problem, anyway out?