Tarball dependency on listr-update-renderer breaks npm audit #516

YannickMeeus · 2018-10-29T19:22:05Z

Description

As part of the update to lint-staged 8.0.0, a dependency was taken on a version of listr-update-renderer not hosted in npm, but instead pulled from GitHub. This has the unfortunate side-effect that due to an issue described here (npm.community.net) and here (github.com/npm) npm audit no longer works.

I understand this very well looks like an issue that needs to be fixed in npm, but I just wanted to give you the heads-up that this is a thing, and the only workaround so far is to temporarily remove lint-staged, then npm i && npm audit fix, to then put the dependency back, which isn't great but not the end of the world either. But until either the NPM lot passes down a fix or the tarball dependency turns into an npm dependency, npm audit will not work in conjunction with lint-staged.

Steps to reproduce

N/A

Environment

OS: macOS Mojave
Node.js: v11.0.0
lint-staged: 8.0.0

The text was updated successfully, but these errors were encountered:

okonet · 2018-10-29T19:46:22Z

Duplicate of #511

okonet marked this as a duplicate of #511 Oct 29, 2018

okonet closed this as completed Oct 29, 2018

okonet added the duplicate label Oct 29, 2018

okonet mentioned this issue Jan 8, 2019

Upgrading to 8.0.4 leads to yarn check errors #535

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Tarball dependency on listr-update-renderer breaks npm audit #516

Tarball dependency on listr-update-renderer breaks npm audit #516

YannickMeeus commented Oct 29, 2018

okonet commented Oct 29, 2018

Tarball dependency on listr-update-renderer breaks npm audit #516

Tarball dependency on listr-update-renderer breaks npm audit #516

Comments

YannickMeeus commented Oct 29, 2018

Description

Steps to reproduce

Environment

okonet commented Oct 29, 2018