You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The reason will be displayed to describe this comment to others. Learn more.
can you explain, how to achieve this? I'm a low-level developer and didn't understand why this code stands for and what to do with it! sorry if I waste your time by making you read this comment, in case you find this comment useless.
What this means is that in your package.json you should make sure the line for "braces" under "dependencies" says
"braces": "^2.3.1",
and then delete your cached npm packages by
rm -r node_modules/ package-lock.json
and then
npm install
If you don't directly depend on "braces", which is the situation I am in, you can use
npm list
to figure out which of your packages is depending on "braces", and then go make sure to update each of those packages in the same way: version bump them, make sure to prefix the versions of everything with "^", and then delete your packages and regenerate package-lock.json by redoing npm install; that will get the latest, hopefully bugfixed, versions of all your packages; but if any of your packages have not yet updated to use "braces": "^2.3.1" then you will have to go to their github projects and file an issue.
A comment on a commit inside the braces project isn't really a proper general support forum for npm. For that, and for future questions, you will probably have good luck asking at https://npm.community/c/support. I hope the above helps and lets you extend your developer skills.
The reason will be displayed to describe this comment to others. Learn more.
@kousu that was a fantastic description, and a really good summary of the steps that need to be taken. Thank you!
you will probably have good luck asking at https://npm.community/c/support. I hope the above helps and lets you extend your developer skills.
Only one thing I'd like to point out. Generally, https://npm.community/c/support is for NPM support, not for packages like this one. Meaning, if you need something directly related to the package manager itself, that's the place to go. But ideally, when a user has an issue or support question like this, the best place to get answers is to:
read through previous issues first - @sathish-spidie would have seen that this question has been answered a couple of dozen times already on this project and other projects that depend on this one
StackOverflow - people get reputation points for helping others
if it seems like no one has addressed the issue already, and you have genuinely stumbled across a previously undiscovered bug, then create a new issue on the GitHub repository of the code project.
The reason will be displayed to describe this comment to others. Learn more.
Hello, I have the same exact issue that stems from babel.
I was unable to run this line rm -r node_modules/ package-lock.json and it makes sense because the packag-lock is not inside the node_modules directory.
When I run npm list I can see that instances of 'braces' are at 2.3.2.
The reason will be displayed to describe this comment to others. Learn more.
I was unable to run this line rm -r node_modules/ package-lock.json and it makes sense because the packag-lock is not inside the node_modules directory.
There is a space between node_modules and package-lock.json. The lock file is not inside the node_modules folder. It's at the same level.
The reason will be displayed to describe this comment to others. Learn more.
@martynawilkonska have you removed your node_modules cache and package-lock.json file? If not, try that and npm install again. If it still does that, my next hunch is that you're braces is a transitive dependency in your package. Try npm ls braces and see which package requires it and maybe you can try and upgrade that parent package which potentially will fix your problem.
abdafb0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you explain, how to achieve this? I'm a low-level developer and didn't understand why this code stands for and what to do with it! sorry if I waste your time by making you read this comment, in case you find this comment useless.
my error is
` Low Regular Expression Denial of Service
Package braces
Patched in >=2.3.1
Dependency of browser-sync [dev]
Path browser-sync > micromatch > braces
More info https://npmjs.com/advisories/786 `
abdafb0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sathish-spidie , you can find out the solution on the link there: https://npmjs.com/advisories/786:
What this means is that in your package.json you should make sure the line for "braces" under "dependencies" says
and then delete your cached npm packages by
and then
If you don't directly depend on "braces", which is the situation I am in, you can use
to figure out which of your packages is depending on "braces", and then go make sure to update each of those packages in the same way: version bump them, make sure to prefix the versions of everything with "^", and then delete your packages and regenerate package-lock.json by redoing
npm install; that will get the latest, hopefully bugfixed, versions of all your packages; but if any of your packages have not yet updated to use"braces": "^2.3.1"then you will have to go to their github projects and file an issue.A comment on a commit inside the braces project isn't really a proper general support forum for npm. For that, and for future questions, you will probably have good luck asking at https://npm.community/c/support. I hope the above helps and lets you extend your developer skills.
abdafb0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kousu that was a fantastic description, and a really good summary of the steps that need to be taken. Thank you!
Only one thing I'd like to point out. Generally, https://npm.community/c/support is for NPM support, not for packages like this one. Meaning, if you need something directly related to the package manager itself, that's the place to go. But ideally, when a user has an issue or support question like this, the best place to get answers is to:
abdafb0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello, I have the same exact issue that stems from babel.
I was unable to run this line rm -r node_modules/ package-lock.json and it makes sense because the packag-lock is not inside the node_modules directory.
When I run npm list I can see that instances of 'braces' are at 2.3.2.
Any thoughts on how to fix?
Thanks!
abdafb0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is a space between
node_modulesandpackage-lock.json. The lock file is not inside the node_modules folder. It's at the same level.abdafb0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The problem I have here is that the braces package itself is showing
{ "_from": "braces@^1.8.2",
"_id": "braces@1.8.5",
So how to update that would help.
abdafb0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have the same problem. I am unable to update braces, after reinstall they are still 1.8.5.
abdafb0There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@martynawilkonska have you removed your
node_modulescache andpackage-lock.jsonfile? If not, try that andnpm installagain. If it still does that, my next hunch is that you'rebracesis a transitive dependency in your package. Trynpm ls bracesand see which package requires it and maybe you can try and upgrade that parent package which potentially will fix your problem.