Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

@vue/vue-cli depends on @vue/vue-loader-v15, but @vue/vue-loader-v15 has been removed by npm #7098

Open
mxue12138 opened this issue Apr 7, 2022 · 4 comments
Open

@vue/vue-cli depends on @vue/vue-loader-v15, but @vue/vue-loader-v15 has been removed by npm #7098

mxue12138 opened this issue Apr 7, 2022 · 4 comments

Comments

@mxue12138
Copy link

Version

5.0.4

Reproduction link

github.com

Environment info

Environment Info:

  System:
    OS: macOS 11.6.5
    CPU: (4) x64 Intel(R) Core(TM) i7-7660U CPU @ 2.50GHz
  Binaries:
    Node: 14.17.6 - /usr/local/opt/node@14/bin/node
    Yarn: 1.22.17 - ~/.yarn/bin/yarn
    npm: 6.14.15 - /usr/local/opt/node@14/bin/npm
  Browsers:
    Chrome: 96.0.4664.110
    Edge: Not Found
    Firefox: Not Found
    Safari: 15.4
  npmPackages:
    @vue/babel-helper-vue-jsx-merge-props:  1.2.1
    @vue/babel-helper-vue-transform-on:  1.0.2
    @vue/babel-plugin-jsx:  1.1.1
    @vue/babel-plugin-transform-vue-jsx:  1.2.1
    @vue/babel-preset-app:  5.0.4
    @vue/babel-preset-jsx:  1.2.4
    @vue/babel-sugar-composition-api-inject-h:  1.2.1
    @vue/babel-sugar-composition-api-render-instance:  1.2.4
    @vue/babel-sugar-functional-vue:  1.2.2
    @vue/babel-sugar-inject-h:  1.2.2
    @vue/babel-sugar-v-model:  1.2.3
    @vue/babel-sugar-v-on:  1.2.3
    @vue/cli-overlay:  5.0.4
    @vue/cli-plugin-babel: ~5.0.0 => 5.0.4
    @vue/cli-plugin-eslint: ~5.0.0 => 5.0.4
    @vue/cli-plugin-router:  5.0.4
    @vue/cli-plugin-vuex:  5.0.4
    @vue/cli-service: ~5.0.0 => 5.0.4
    @vue/cli-shared-utils:  5.0.4
    @vue/component-compiler-utils:  3.3.0
    @vue/eslint-config-standard: ^6.1.0 => 6.1.0
    @vue/web-component-wrapper:  1.3.0
    eslint-plugin-vue: ^8.0.3 => 8.6.0
    vue: ^2.6.14 => 2.6.14
    vue-eslint-parser:  8.3.0
    vue-hot-reload-api:  2.3.4
    vue-loader:  17.0.0 (15.9.8)
    vue-style-loader:  4.1.3
    vue-template-compiler: ^2.6.14 => 2.6.14
    vue-template-es2015-compiler:  1.9.1
  npmGlobalPackages:
    @vue/cli: 5.0.4

Steps to reproduce

git clone https://github.com/mxue12138/vue-cli_test
cd vue-cli_test && npm install
npm install js-cookie (or any package)

What is expected?

npm install js-cookie done

What is actually happening?

npm ERR! code E404
npm ERR! 404 Not Found - GET https://r.cnpmjs.org/@vue%2fvue-loader-v15 - [NOT_FOUND] @vue/vue-loader-v15 not found
npm ERR! 404
npm ERR! 404 '@vue/vue-loader-v15@15.9.8' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 It was specified as a dependency of '@vue/cli-service'
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

@vue/vue-cli 5.0.4/5.0.4/5.0.* depends on @vue/vue-loader-v15, but @vue/vue-loader-v15 has been removed by npm,

https://www.npmjs.com/search?q=%40vue%2Fvue-loader-v15
"This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future."
@YusufMavzer
Copy link

Anyone that solved this issue???

@YusufMavzer
Copy link

@mxue12138 solved the issue by version bumping Node to 16.15.0

@mxue12138
Copy link
Author

@mxue12138 通过将 Node 升级到 16.15.0 解决了这个问题

Thank you, but I can't upgrade node, but it works fine with yarn

jtojnar added a commit to nix-community/napalm that referenced this issue Oct 10, 2022
@jtojnar
Add support for npm pointers
7a97ead 
`@vue/vue-loader-v15` has been removed from npm because it contained malware
but `@vue/cli-service` still uses it in its `package.json`, only redirects it
to a different package using `npm:vue-loader@15.10.0` as version constraint.

vuejs/vue-cli#7098

`npm` would try to look up the target package but napalm-registry
was not aware of this replacement, so it would crash with “No such tarball”.
@jtojnar jtojnar mentioned this issue Oct 10, 2022
Merged
jtojnar added a commit to nix-community/napalm that referenced this issue Oct 10, 2022
@jtojnar
Add support for npm pointers
fdf7f14 
`@vue/vue-loader-v15` has been removed from npm because it contained malware
but `@vue/cli-service` still uses it in its `package.json`, only redirects it
to a different package using `npm:vue-loader@15.10.0` as version constraint.

vuejs/vue-cli#7098

`npm` would try to look up the target package but napalm-registry
was not aware of this replacement, so it would crash with “No such tarball”.
jtojnar added a commit to nix-community/napalm that referenced this issue Oct 10, 2022
@jtojnar
Add support for npm aliases
f9b0ab8 
`@vue/vue-loader-v15` has been removed from npm because it contained malware
but `@vue/cli-service` still uses it in its `package.json`, only aliases
a different package using `npm:vue-loader@15.10.0` as version constraint.

vuejs/vue-cli#7098

`npm` would try to look up the target package but napalm-registry
was not aware of this replacement, so it would crash with “No such tarball”.

https://docs.npmjs.com/cli/v8/using-npm/package-spec#aliases
@Platform-Group
Copy link

Platform-Group commented Jul 24, 2023
edited

@YusufMavzer I'm getting this with the latest version of node

Solved by bumping vue cli version up from 5.0.0 to 5.0.8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@YusufMavzer @mxue12138 @Platform-Group