search

mitre-attack / attack-navigator

Web app that provides basic navigation and annotation of ATT&CK matrices
https://mitre-attack.github.io/attack-navigator
Apache License 2.0
1.99k stars 592 forks source link

npm ERR! code ERESOLVE #509

Open zencharcoal opened 2 years ago

zencharcoal commented 2 years ago

Whether trying to build the web app directly and running into errors with ng serve & ng build OR trying to build a docker image - the outdated versions of angularcli and peer dependencies within npm are not compatible with more recent versions.

I have been bouncing around with this for a couple days now, so I don't have all of the different errors or workarounds that were attempted, but hoping someone can provide guidance.

Docker

charcoal@tesbuntu:~/attack-navigator$ sudo docker build . [sudo] password for charcoal: Sending build context to Docker daemon 39.76MB Step 1/11 : FROM node:16 16: Pulling from library/node b6d6a76ebdbe: Pull complete 6a6315e89337: Pull complete 4ad12dd0da3e: Pull complete 08a0ceb4387f: Pull complete 2a0ae5ed3318: Pull complete 63930fd517b3: Pull complete 4bb5869b822e: Pull complete a1ec7ad8846f: Pull complete c6db94ff9d66: Pull complete Digest: sha256:b35e76ba744a975b9a5428b6c3cde1a1cf0be53b246e1e9a4874f87034222b5a Status: Downloaded newer image for node:16 ---> 946ee375d0e0 Step 2/11 : WORKDIR /src ---> Running in 0ecedcd07017 Removing intermediate container 0ecedcd07017 ---> a04033500cd0 Step 3/11 : COPY nav-app/ /src/nav-app/ ---> 1c35db8aadcb Step 4/11 : COPY layers/.md /src/layers/ ---> 230ee6802f0a Step 5/11 : COPY .md /src/ ---> e305a31fcc00 Step 6/11 : WORKDIR /src/nav-app ---> Running in 69b13eb2a619 Removing intermediate container 69b13eb2a619 ---> 3d4b514548ba Step 7/11 : RUN chown -R node:node ./ ---> Running in bd4ca4dcb594 Removing intermediate container bd4ca4dcb594 ---> c24e82fe7284 Step 8/11 : RUN npm install --unsafe-perm ---> Running in 3702588eb9ae npm ERR! code ERESOLVE npm ERR! ERESOLVE could not resolve npm ERR! npm ERR! While resolving: @angular-devkit/build-angular@0.1100.7 npm ERR! Found: karma@5.0.9 npm ERR! node_modules/karma npm ERR! dev karma@"~5.0.0" from the root project npm ERR! peer karma@"*" from karma-jasmine@4.0.2 npm ERR! node_modules/karma-jasmine npm ERR! dev karma-jasmine@"~4.0.0" from the root project npm ERR! peer karma-jasmine@">=1.1" from karma-jasmine-html-reporter@1.7.0 npm ERR! node_modules/karma-jasmine-html-reporter npm ERR! dev karma-jasmine-html-reporter@"^1.5.0" from the root project npm ERR! 1 more (karma-jasmine-html-reporter) npm ERR! npm ERR! Could not resolve dependency: npm ERR! peerOptional karma@"~5.1.0" from @angular-devkit/build-angular@0.1100.7 npm ERR! node_modules/@angular-devkit/build-angular npm ERR! dev @angular-devkit/build-angular@"~0.1100.3" from the root project npm ERR! npm ERR! Conflicting peer dependency: karma@5.1.1 npm ERR! node_modules/karma npm ERR! peerOptional karma@"~5.1.0" from @angular-devkit/build-angular@0.1100.7 npm ERR! node_modules/@angular-devkit/build-angular npm ERR! dev @angular-devkit/build-angular@"~0.1100.3" from the root project npm ERR! npm ERR! Fix the upstream dependency conflict, or retry npm ERR! this command with --force, or --legacy-peer-deps npm ERR! to accept an incorrect (and potentially broken) dependency resolution. npm ERR! npm ERR! See /root/.npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in: npm ERR! /root/.npm/_logs/2022-10-13T12_56_44_523Z-debug-0.log The command '/bin/sh -c npm install --unsafe-perm' returned a non-zero code: 1 charcoal@tesbuntu:~/attack-navigator$

WebServer

charcoal@tesbuntu:~/attack-navigator/nav-app$ npm install npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@angular-devkit/schematics@11.2.19', npm WARN EBADENGINE required: { node: '>= 10.13.0', npm: '^6.11.0 || ^7.5.6', yarn: '>= 1.13.0' }, npm WARN EBADENGINE current: { node: 'v12.22.9', npm: '8.5.1' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@angular-devkit/core@11.2.19', npm WARN EBADENGINE required: { node: '>= 10.13.0', npm: '^6.11.0 || ^7.5.6', yarn: '>= 1.13.0' }, npm WARN EBADENGINE current: { node: 'v12.22.9', npm: '8.5.1' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@angular/cli@11.2.19', npm WARN EBADENGINE required: { node: '>= 10.13.0', npm: '^6.11.0 || ^7.5.6', yarn: '>= 1.13.0' }, npm WARN EBADENGINE current: { node: 'v12.22.9', npm: '8.5.1' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@angular-devkit/architect@0.1102.19', npm WARN EBADENGINE required: { node: '>= 10.13.0', npm: '^6.11.0 || ^7.5.6', yarn: '>= 1.13.0' }, npm WARN EBADENGINE current: { node: 'v12.22.9', npm: '8.5.1' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@angular-devkit/core@11.2.19', npm WARN EBADENGINE required: { node: '>= 10.13.0', npm: '^6.11.0 || ^7.5.6', yarn: '>= 1.13.0' }, npm WARN EBADENGINE current: { node: 'v12.22.9', npm: '8.5.1' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@schematics/angular@11.2.19', npm WARN EBADENGINE required: { node: '>= 10.13.0', npm: '^6.11.0 || ^7.5.6', yarn: '>= 1.13.0' }, npm WARN EBADENGINE current: { node: 'v12.22.9', npm: '8.5.1' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@angular-devkit/core@11.2.19', npm WARN EBADENGINE required: { node: '>= 10.13.0', npm: '^6.11.0 || ^7.5.6', yarn: '>= 1.13.0' }, npm WARN EBADENGINE current: { node: 'v12.22.9', npm: '8.5.1' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@schematics/update@0.1102.19', npm WARN EBADENGINE required: { node: '>= 10.13.0', npm: '^6.11.0 || ^7.5.6', yarn: '>= 1.13.0' }, npm WARN EBADENGINE current: { node: 'v12.22.9', npm: '8.5.1' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: '@angular-devkit/core@11.2.19', npm WARN EBADENGINE required: { node: '>= 10.13.0', npm: '^6.11.0 || ^7.5.6', yarn: '>= 1.13.0' }, npm WARN EBADENGINE current: { node: 'v12.22.9', npm: '8.5.1' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: 'karma-cli@1.0.1', npm WARN EBADENGINE required: { node: '0.10 || 0.12 || 4 || 5 || 6' }, npm WARN EBADENGINE current: { node: 'v12.22.9', npm: '8.5.1' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: 'mathjs@10.5.3', npm WARN EBADENGINE required: { node: '>= 14' }, npm WARN EBADENGINE current: { node: 'v12.22.9', npm: '8.5.1' } npm WARN EBADENGINE } npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead. npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x. npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797) npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797) npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797) npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies npm WARN deprecated @schematics/update@0.1102.19: This was an internal-only Angular package up through Angular v11 which is no longer used or maintained. Upgrade Angular to v12+ to remove this dependency. npm WARN deprecated @angular/http@7.2.16: Package no longer supported. Use @angular/common instead, see https://angular.io/guide/deprecations#angularhttp npm WARN deprecated tslint@6.1.3: TSLint has been deprecated in favor of ESLint. Please see https://github.com/palantir/tslint/issues/4534 for more information. npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. npm WARN deprecated core-js@3.6.5: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.

attack-navigator@4.6.6 postinstall node patch-webpack.js

patching node_modules/@angular-devkit/build-angular/src/webpack/configs/browser.js postinstall completed successfully

added 1685 packages, and audited 1686 packages in 2m

111 packages are looking for funding run npm fund for details

37 vulnerabilities (2 low, 6 moderate, 29 high)

To address issues that do not require attention, run: npm audit fix

To address all issues (including breaking changes), run: npm audit fix --force

Run npm audit for details. charcoal@tesbuntu:~/attack-navigator/nav-app$ ng serve Command 'ng' not found, but can be installed with: sudo apt install ng-common charcoal@tesbuntu:~/attack-navigator/nav-app$ npm install @angular/cli npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: 'karma-cli@1.0.1', npm WARN EBADENGINE required: { node: '0.10 || 0.12 || 4 || 5 || 6' }, npm WARN EBADENGINE current: { node: 'v12.22.9', npm: '8.5.1' } npm WARN EBADENGINE } npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: 'mathjs@10.5.3', npm WARN EBADENGINE required: { node: '>= 14' }, npm WARN EBADENGINE current: { node: 'v12.22.9', npm: '8.5.1' } npm WARN EBADENGINE } npm WARN deprecated @schematics/update@0.1101.2: This was an internal-only Angular package up through Angular v11 which is no longer used or maintained. Upgrade Angular to v12+ to remove this dependency.

added 3 packages, removed 8 packages, changed 15 packages, and audited 1681 packages in 11s

111 packages are looking for funding run npm fund for details

37 vulnerabilities (2 low, 6 moderate, 29 high)

To address issues that do not require attention, run: npm audit fix

To address all issues (including breaking changes), run: npm audit fix --force

Run npm audit for details. charcoal@tesbuntu:~/attack-navigator/nav-app$ ng serve Command 'ng' not found, but can be installed with: sudo apt install ng-common charcoal@tesbuntu:~/attack-navigator/nav-app$ ng serve

jthDEV commented 2 years ago

I ran into the same issues. Reading the failure messages points towards node version conflicts. But there is a simple resolution: build the docker but use node:12 Modify the Dockerfile in the root accordingly in line 3 then use the following commands to build and run the container:

docker build -t mitre-attack .

docker run -p 4200:4200 mitre-attack:latest

Then you will be able to point your browser to http://0.0.0.0:4200

zencharcoal commented 2 years ago

Thanks for that information. I have tried the workaround as described but I am still receiving the same error as described below. I suppose it could have to do with the Lockfile version but I didn't think that would create such an error:

charcoal@ubuntu-latest:~/attack-navigator$ cat Dockerfile

Build stage

FROM node:12

WORKDIR /src

copy over needed files

COPY nav-app/ /src/nav-app/ COPY layers/.md /src/layers/ COPY .md /src/

WORKDIR /src/nav-app

give user permissions

RUN chown -R node:node ./

install packages and build

RUN npm install --unsafe-perm

EXPOSE 4200

CMD npm start

USER node charcoal@ubuntu-latest:~/attack-navigator$ docker build -t mitre-attack . ERRO[0001] Can't add file /home/charcoal/attack-navigator/.git/hooks/push-to-checkout.sample to tar: io: read/write on closed pipe ERRO[0001] Can't close tar writer: io: read/write on closed pipe Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&rm=1&shmsize=0&t=mitre-attack&target=&ulimits=null&version=1": dial unix /var/run/docker.sock: connect: permission denied charcoal@ubuntu-latest:~/attack-navigator$ sudo docker build -t mitre-attack . [sudo] password for charcoal: Sending build context to Docker daemon 651.1MB Step 1/11 : FROM node:12 ---> 6c8de432fc7f Step 2/11 : WORKDIR /src ---> Using cache ---> 85fc1185d010 Step 3/11 : COPY nav-app/ /src/nav-app/ ---> Using cache ---> f222630c6534 Step 4/11 : COPY layers/.md /src/layers/ ---> Using cache ---> 9ed27da647e9 Step 5/11 : COPY .md /src/ ---> Using cache ---> ec1893b782ba Step 6/11 : WORKDIR /src/nav-app ---> Using cache ---> 361843a5dbe9 Step 7/11 : RUN chown -R node:node ./ ---> Using cache ---> 84f045a99806 Step 8/11 : RUN npm install --unsafe-perm ---> Running in 97c6b6e17de6 npm WARN read-shrinkwrap This version of npm is compatible with lockfileVersion@1, but package-lock.json was generated for lockfileVersion@2. I'll try to do my best with it! npm WARN @angular/http@7.2.16 requires a peer of @angular/core@7.2.16 but none is installed. You must install peer dependencies yourself. npm WARN @angular/http@7.2.16 requires a peer of @angular/platform-browser@7.2.16 but none is installed. You must install peer dependencies yourself.

npm ERR! code ECONNREFUSED npm ERR! errno ECONNREFUSED npm ERR! FetchError: request to https://registry.npmjs.org/rxjs/-/rxjs-6.6.3.tgz failed, reason: connect ECONNREFUSED 104.16.17.35:443 npm ERR! at ClientRequest. (/usr/local/lib/node_modules/npm/node_modules/node-fetch-npm/src/index.js:68:14) npm ERR! at ClientRequest.emit (events.js:314:20) npm ERR! at TLSSocket.socketErrorListener (_http_client.js:427:9) npm ERR! at TLSSocket.emit (events.js:314:20) npm ERR! at emitErrorNT (internal/streams/destroy.js:92:8) npm ERR! at emitErrorAndCloseNT (internal/streams/destroy.js:60:3) npm ERR! at processTicksAndRejections (internal/process/task_queues.js:84:21) npm ERR! FetchError: request to https://registry.npmjs.org/rxjs/-/rxjs-6.6.3.tgz failed, reason: connect ECONNREFUSED 104.16.17.35:443 npm ERR! at ClientRequest. (/usr/local/lib/node_modules/npm/node_modules/node-fetch-npm/src/index.js:68:14) npm ERR! at ClientRequest.emit (events.js:314:20) npm ERR! at TLSSocket.socketErrorListener (_http_client.js:427:9) npm ERR! at TLSSocket.emit (events.js:314:20) npm ERR! at emitErrorNT (internal/streams/destroy.js:92:8) npm ERR! at emitErrorAndCloseNT (internal/streams/destroy.js:60:3) npm ERR! at processTicksAndRejections (internal/process/task_queues.js:84:21) { npm ERR! type: 'system', npm ERR! errno: 'ECONNREFUSED', npm ERR! code: 'ECONNREFUSED', npm ERR! parent: '@angular-devkit/architect' npm ERR! } npm ERR! npm ERR! If you are behind a proxy, please make sure that the npm ERR! 'proxy' config is set properly. See: 'npm help config'

npm ERR! A complete log of this run can be found in: npm ERR! /root/.npm/_logs/2022-10-18T12_35_30_765Z-debug.log The command '/bin/sh -c npm install --unsafe-perm' returned a non-zero code: 1 charcoal@ubuntu-latest:~/attack-navigator$

jthDEV commented 2 years ago

Might it be, that you try to build behind a proxy or firewall?
npm ERR! FetchError: request to https://registry.npmjs.org/rxjs/-/rxjs-6.6.3.tgz failed, reason: connect ECONNREFUSED 104.16.17.35:443 is an indication that you do not have access to npmjs.org ...

vrfn commented 2 years ago

I faced the same issue but was able to resolve it using a few workarounds.

Downgrading to node:12 made it possible circumvent the dependency resolution problem as outlined in the OP, but when trying compile for use elsewhere with ng build --prod --aot=false --build-optimizer=false, it then fails with: 

Node.js version v12.22.12 detected.
The Angular CLI requires a minimum Node.js version of either v14.15, or v16.10.

Pinning Angular CLI to the highest compatible version (at the time of writing that seems to be 13.3.0, source) will get us one step further but eventually failed with Module not found errors. This is listed as a common issue in the README of this repo (here) and is fixed by running npm run postinstall

For the sake of completeness, my working Dockerfile looks something like this now:


FROM node:12 as builder

RUN apt update && apt install -y --no-install-recommends  git 
RUN git clone https://github.com/mitre-attack/attack-navigator

WORKDIR /attack-navigator/nav-app

RUN chown -R node:node ./
RUN npm install bootstrap
RUN npm install && npm run postinstall
RUN npm install -g @angular/cli@13.3.0
RUN ng build --prod --aot=false --build-optimizer=false

FROM nginx:1.21.6
COPY --from=builder /attack-navigator/nav-app/dist /usr/share/nginx/html

Fixing the root cause is probably a better idea though.

rcruzmar commented 1 year ago

Has there been anything new regarding this? I am not using Docker, just following documentation instructions as before.

I am also having similar problems getting this project up and running within out class environment. We have an older version (offline) we are still able to use. I've been asked to create a new install of Navigator & Website and I am also having similar problems as described above.

Thanks for any information to help get this resolved, work-around or otherwise! :-)