Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

`npm install purescript` stuck #12

Closed
develop7 opened this issue Jul 6, 2019 · 10 comments

Comments

@develop7
Copy link

commented Jul 6, 2019

Repro:

Run npm i -g purescript

Expected: successful installation
Instead: installer gets stuck forever on a ⠹ Check if a prebuilt 0.13.2 binary is provided for Linux step

image

@hdgarrood

This comment has been minimized.

Copy link
Member

commented Jul 6, 2019

Can you provide your node and npm version please?

@develop7

This comment has been minimized.

Copy link
Author

commented Jul 6, 2019

@skress

This comment has been minimized.

Copy link

commented Jul 8, 2019

Same problem here, Ubuntu 18.04, node 12.6.0, npm 6.9.0.

Installing version 0.13.0 works but installing 0.13.2 is stuck in the „Check if prebuilt ...“ step.

@doolse

This comment has been minimized.

Copy link

commented Jul 9, 2019

This appears to be a bug in npm package load-from-cwd-or-npm v3.0.2, as it doesn't seem to resolve "request" anymore. You can work-around this by pinning it to 3.0.1 in your package.json:

"dependencies": {
    "purescript": "0.13.2",
    "load-from-cwd-or-npm": "3.0.1"
}

hdgarrood added a commit that referenced this issue Jul 9, 2019

Vendor dl-tar, load request normally
This drops the dependency on npm-cli-dir, load-from-cwd-or-npm, etc.
It might fix #12.

@hdgarrood hdgarrood closed this in #13 Jul 9, 2019

hdgarrood added a commit that referenced this issue Jul 9, 2019

Vendor dl-tar, load request normally (#13)
This drops the dependency on npm-cli-dir, load-from-cwd-or-npm, etc.
It might fix #12.

@hdgarrood hdgarrood reopened this Jul 9, 2019

@hdgarrood

This comment has been minimized.

Copy link
Member

commented Jul 9, 2019

Oops, accidentally closed via a commit keyword.

@hdgarrood

This comment has been minimized.

Copy link
Member

commented Jul 9, 2019

I've published a new release which vendors dl-tar in order to require request in the standard way instead of using load-from-cwd-or-npm. It seems to fix the issue for me. Can anyone else check please?

@hdgarrood

This comment has been minimized.

Copy link
Member

commented Jul 9, 2019

(Thanks @doolse for helping investigate!)

@skress

This comment has been minimized.

Copy link

commented Jul 9, 2019

Yes, it works again. Thanks for the fix!

@hdgarrood

This comment has been minimized.

Copy link
Member

commented Jul 9, 2019

Great. Please open new issues if anything else arises.

@hdgarrood hdgarrood closed this Jul 9, 2019

@hdgarrood

This comment has been minimized.

Copy link
Member

commented Jul 12, 2019

It turns out that this issue was deliberate sabotage. See https://harry.garrood.me/blog/malicious-code-in-purescript-npm-installer/

Thanks again to @doolse, whose investigation greatly helped in tracking this down.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.