TypeError when doing npm install because of npm-audit-report

[trickeyone]

I recently upgraded to npm v6 and I'm not getting errors coming from this package. Here is the error from the npm verbose log:

69 verbose stack TypeError: Object.entries is not a function
69 verbose stack at Object.report [as install] (/usr/local/lib/node_modules/npm/node_modules/npm-audit-report/reporters/install.js:27:31)
69 verbose stack at Promise (/usr/local/lib/node_modules/npm/node_modules/npm-audit-report/index.js:18:46)
69 verbose stack at report (/usr/local/lib/node_modules/npm/node_modules/npm-audit-report/index.js:17:10)
69 verbose stack at Object.printInstallReport (/usr/local/lib/node_modules/npm/lib/install/audit.js:87:10)
69 verbose stack at Object.Installer.printInstalledForHuman (/usr/local/lib/node_modules/npm/lib/install.js:847:31)
69 verbose stack at Bluebird.try.then (/usr/local/lib/node_modules/npm/lib/install.js:774:19)
69 verbose stack at tryCatcher (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/util.js:16:23)
69 verbose stack at Promise._settlePromiseFromHandler (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:512:31)
69 verbose stack at Promise._settlePromise (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:569:18)
69 verbose stack at Promise._settlePromise0 (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:614:10)
69 verbose stack at Promise._settlePromises (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:693:18)
69 verbose stack at Async._drainQueue (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:133:16)
69 verbose stack at Async._drainQueues (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:143:10)
69 verbose stack at Immediate.Async.drainQueues (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:17:14)
69 verbose stack at runCallback (timers.js:672:20)
69 verbose stack at tryOnImmediate (timers.js:645:5)

The offending line is const severities = Object.entries(data.metadata.vulnerabilities).filter((value) => {

OS Info:
Mac OSX Sierra 10.12.6
node: v6.11.4
npm: 6.0.0

[evilpacket]

@trickeyone you'll want npm@next npm i npm@next -g

I removed Object.entries from later versions of this library which are now included in that version.

[trickeyone]

Yeah, can't do that. This is for a production app, so doing next isn't an option.

[evilpacket]

@trickeyone understandable. The next release of the cli will likely be this week.

[gwsu2008]

I just ran into the same issue npm install failed with "npm ERR! Object.entries is not a function"
Downgrade back to npm@5.8.0 then npm install works again.

[ljharb]

It seems that 8814da0 was in v1.0.6-v1.0.8, but was removed before v1.0.9?

See npm/npm#20553 as well.

[knolleary]

Given this breaks npm 6.0.0 on node <8, any chance of bringing forward a release of npm with the fix? We have a growing number of users hitting this issue in a PaaS environment where the buildpack (which is outside of our control) is picking up node 6 and npm 6 and we cannot easily change it.

[ljharb]

https://twitter.com/maybekatz/status/994111802827927552

It seems it's fixed in npm "next", which will hopefully be released as "latest" soon.

[knolleary]

@ljharb thanks for the link - good to know it is imminent Appreciate all the work everyone does here. 👍

[ljharb]

npm v6.0.1 is released (and this repo now contains v1.0.9) so this can be closed.