Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

npm install purescript stuck #12

Closed
develop7 opened this issue Jul 6, 2019 · 10 comments · Fixed by #13
Closed

npm install purescript stuck #12

develop7 opened this issue Jul 6, 2019 · 10 comments · Fixed by #13

Comments

@develop7
Copy link

develop7 commented Jul 6, 2019

Repro:

Run npm i -g purescript

Expected: successful installation
Instead: installer gets stuck forever on a ⠹ Check if a prebuilt 0.13.2 binary is provided for Linux step

image

@hdgarrood
Copy link
Collaborator

Can you provide your node and npm version please?

@develop7
Copy link
Author

develop7 commented Jul 6, 2019 via email

@skress
Copy link

skress commented Jul 8, 2019

Same problem here, Ubuntu 18.04, node 12.6.0, npm 6.9.0.

Installing version 0.13.0 works but installing 0.13.2 is stuck in the „Check if prebuilt ...“ step.

@doolse
Copy link

doolse commented Jul 9, 2019

This appears to be a bug in npm package load-from-cwd-or-npm v3.0.2, as it doesn't seem to resolve "request" anymore. You can work-around this by pinning it to 3.0.1 in your package.json:

"dependencies": {
    "purescript": "0.13.2",
    "load-from-cwd-or-npm": "3.0.1"
}

hdgarrood added a commit that referenced this issue Jul 9, 2019
This drops the dependency on npm-cli-dir, load-from-cwd-or-npm, etc.
It might fix #12.
hdgarrood added a commit that referenced this issue Jul 9, 2019
This drops the dependency on npm-cli-dir, load-from-cwd-or-npm, etc.
It might fix #12.
@hdgarrood hdgarrood reopened this Jul 9, 2019
@hdgarrood
Copy link
Collaborator

Oops, accidentally closed via a commit keyword.

@hdgarrood
Copy link
Collaborator

I've published a new release which vendors dl-tar in order to require request in the standard way instead of using load-from-cwd-or-npm. It seems to fix the issue for me. Can anyone else check please?

@hdgarrood
Copy link
Collaborator

(Thanks @doolse for helping investigate!)

@skress
Copy link

skress commented Jul 9, 2019

Yes, it works again. Thanks for the fix!

@hdgarrood
Copy link
Collaborator

Great. Please open new issues if anything else arises.

@hdgarrood
Copy link
Collaborator

It turns out that this issue was deliberate sabotage. See https://harry.garrood.me/blog/malicious-code-in-purescript-npm-installer/

Thanks again to @doolse, whose investigation greatly helped in tracking this down.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants