Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

npm install purescript stuck #12

Closed
develop7 opened this issue Jul 6, 2019 · 10 comments
Closed

npm install purescript stuck #12

develop7 opened this issue Jul 6, 2019 · 10 comments

Comments

@develop7
Copy link

@develop7 develop7 commented Jul 6, 2019

Repro:

Run npm i -g purescript

Expected: successful installation
Instead: installer gets stuck forever on a ⠹ Check if a prebuilt 0.13.2 binary is provided for Linux step

image

@hdgarrood
Copy link
Member

@hdgarrood hdgarrood commented Jul 6, 2019

Can you provide your node and npm version please?

Loading

@develop7
Copy link
Author

@develop7 develop7 commented Jul 6, 2019

Loading

@skress
Copy link

@skress skress commented Jul 8, 2019

Same problem here, Ubuntu 18.04, node 12.6.0, npm 6.9.0.

Installing version 0.13.0 works but installing 0.13.2 is stuck in the „Check if prebuilt ...“ step.

Loading

@doolse
Copy link

@doolse doolse commented Jul 9, 2019

This appears to be a bug in npm package load-from-cwd-or-npm v3.0.2, as it doesn't seem to resolve "request" anymore. You can work-around this by pinning it to 3.0.1 in your package.json:

"dependencies": {
    "purescript": "0.13.2",
    "load-from-cwd-or-npm": "3.0.1"
}

Loading

hdgarrood added a commit that referenced this issue Jul 9, 2019
This drops the dependency on npm-cli-dir, load-from-cwd-or-npm, etc.
It might fix #12.
@hdgarrood hdgarrood closed this in #13 Jul 9, 2019
hdgarrood added a commit that referenced this issue Jul 9, 2019
This drops the dependency on npm-cli-dir, load-from-cwd-or-npm, etc.
It might fix #12.
@hdgarrood hdgarrood reopened this Jul 9, 2019
@hdgarrood
Copy link
Member

@hdgarrood hdgarrood commented Jul 9, 2019

Oops, accidentally closed via a commit keyword.

Loading

@hdgarrood
Copy link
Member

@hdgarrood hdgarrood commented Jul 9, 2019

I've published a new release which vendors dl-tar in order to require request in the standard way instead of using load-from-cwd-or-npm. It seems to fix the issue for me. Can anyone else check please?

Loading

@hdgarrood
Copy link
Member

@hdgarrood hdgarrood commented Jul 9, 2019

(Thanks @doolse for helping investigate!)

Loading

@skress
Copy link

@skress skress commented Jul 9, 2019

Yes, it works again. Thanks for the fix!

Loading

@hdgarrood
Copy link
Member

@hdgarrood hdgarrood commented Jul 9, 2019

Great. Please open new issues if anything else arises.

Loading

@hdgarrood hdgarrood closed this Jul 9, 2019
@hdgarrood
Copy link
Member

@hdgarrood hdgarrood commented Jul 12, 2019

It turns out that this issue was deliberate sabotage. See https://harry.garrood.me/blog/malicious-code-in-purescript-npm-installer/

Thanks again to @doolse, whose investigation greatly helped in tracking this down.

Loading

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

4 participants