Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

event-stream-3.3.6.tgz not found in Yarnpkg. #12077

Closed
monaka opened this issue Nov 30, 2018 · 12 comments
Closed

event-stream-3.3.6.tgz not found in Yarnpkg. #12077

monaka opened this issue Nov 30, 2018 · 12 comments
Assignees
@monaka
Labels
kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.

Comments

@monaka
Copy link
Member

monaka commented Nov 30, 2018
edited

Description

See Diagnostics: below for more details.
Possibly related on the recent security incident

Reproduction Steps

Build master branch.

OS and version:

Independent

Diagnostics:

[INFO] --- maven-antrun-plugin:1.8:run (build-dashboard) @ che-dashboard-war ---
[INFO] Executing tasks

main:
     [exec] yarn install v1.12.3
     [exec] [1/5] Validating package.json...
     [exec] [2/5] Resolving packages...
     [exec] [3/5] Fetching packages...
     [exec] error https://registry.yarnpkg.com/event-stream/-/event-stream-3.3.6.tgz: Extracting tar content of undefined failed, the file appears to be corrupt: "Unexpected end of data"
     [exec] info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

curl https://registry.yarnpkg.com/event-stream/-/event-stream-3.3.6.tgz
{"error":"Not found"}
@monaka monaka mentioned this issue Nov 30, 2018
Merged
@skabashnyuk skabashnyuk added kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system. kind/bug Outline of a bug - must adhere to the bug report template. and removed kind/task Internal things, technical debt, and to-do tasks to be performed. labels Nov 30, 2018
@rickyduck
Copy link

I'm having the same issue as well

@wassafr
Copy link

wassafr commented Nov 30, 2018

Got it as well

@iuliust
Copy link

iuliust commented Nov 30, 2018

this is due to : https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident

to solve the issue, add the following to your package.json file :

  ...
  ,
  "resolutions": {
    "**/event-stream": "^4.0.1"
  }

@benoitf
Copy link
Contributor

benoitf commented Nov 30, 2018

should be fixed in master now with PR of @monaka #12078

@benoitf benoitf closed this as completed Nov 30, 2018
@wassafr
Copy link

wassafr commented Nov 30, 2018

Solved after deleting yarn.lock

@daton89
Copy link

daton89 commented Dec 2, 2018

it worked for me to delete yarn.lock in yarn global dir

@eddzmaciel
Copy link

if you want to keep the yarn.lock file, just change the name yarn.lockBKP and run yarn install again!

@YuriGor YuriGor mentioned this issue Dec 5, 2018
Closed
e-schultz added a commit to rangle/rangle-labs that referenced this issue Dec 14, 2018
@e-schultz
Fix resolution of event-stream
924dc41 
When trying to yarn install for first time, was getting error:

```
 [exec] error https://registry.yarnpkg.com/event-stream/-/event-stream-3.3.6.tgz: Extracting tar content of undefined failed, the file appears to be corrupt: "Unexpected end of data"
```

Update package.json to change resolution of `event-stream` to a
non-vulnerable one.

Found solution in [this](eclipse-che/che#12077) issue
@e-schultz e-schultz mentioned this issue Dec 14, 2018
Open
@andrewleyva andrewleyva mentioned this issue Dec 14, 2018
Merged
EpicureanHeron added a commit to EpicureanHeron/InitiativeTracker that referenced this issue Dec 15, 2018
@EpicureanHeron
updated package with instructions here: eclipse-che/che#12077
e13eac8
@tima101 tima101 mentioned this issue Dec 18, 2018
Closed
@SirSerje
Copy link

it worked for me to delete yarn.lock in yarn global dir

and what to do, if I try to deploy it on Travis?

tribal-tec added a commit to tribal-tec/Rockets that referenced this issue Jan 3, 2019
@tribal-tec
fix(js): event-stream incident
fabb529 
https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident

Resolution: eclipse-che/che#12077 (comment)
@monaka
Copy link
Member Author

monaka commented Jan 7, 2019

I think that just deleting yarn.lock will bring potential weakness. You should think how event-stream was contaminated.

@felipegtx felipegtx mentioned this issue Jan 14, 2019
Closed
tribal-tec added a commit to tribal-tec/Rockets that referenced this issue Jan 18, 2019
@tribal-tec
fix(js): fix event-stream incident
67a8200 
https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident

Resolution: eclipse-che/che#12077 (comment)
tribal-tec added a commit to BlueBrain/Rockets that referenced this issue Jan 18, 2019
@tribal-tec
fix(js): fix event-stream incident
3f7e454 
https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident

Resolution: eclipse-che/che#12077 (comment)
@ArvsIndrarys ArvsIndrarys mentioned this issue Jan 18, 2019
Closed
@Aarbel
Copy link

Aarbel commented Jan 24, 2019

deleting yarn.lock file add run yarn to generate new yarn.lock file solved the problem for me

EpicureanHeron added a commit to EpicureanHeron/NewYorkTimesReactSearch that referenced this issue Jan 25, 2019
@EpicureanHeron
updated package.json with a fix found here eclipse-che/che#12077
de60653
@EpicureanHeron EpicureanHeron mentioned this issue Jan 25, 2019
Closed
@rodrigolopezguerra
Copy link

Solved after deleting yarn.lock

this is the way to go. Thanks!

tannerwelsh added a commit to swayable/vscode-random that referenced this issue Feb 14, 2019
@tannerwelsh
Bump event-stream pkg to ^4.0.1
64520cd 
Resolved bug in manner found here:
eclipse-che/che#12077 (comment)
event-stream

Fixes package 404 error caused by this event: https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident
@gstvribs gstvribs mentioned this issue May 27, 2019
Closed
@BeardOfDan
Copy link

This worked for me. Thanks!
(Google brought me here for the same problem, but on a different project)

@jonoellis jonoellis mentioned this issue Aug 14, 2019
Open
@gstvribs gstvribs mentioned this issue Oct 4, 2019
Merged
@zifeo zifeo mentioned this issue Dec 27, 2019
Closed
@trainoasis trainoasis mentioned this issue Mar 6, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@monaka monaka

Labels
kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests