search

mozilla / npm-lockdown

Lock down your npm dependencies by shasum.
Mozilla Public License 2.0
207 stars 30 forks source link

Error: spawn ENOENT #48

Open tylercollier opened 8 years ago

tylercollier commented 8 years ago

The instructions in the README say to add this to package.json:

"scripts": { "preinstall": "lockdown" }

However, when I do that, I get this error:

~/tmp/nodeproj$ npm i
> undefined preinstall /home/tylercollier/tmp/nodeproj
> lockdown

: No such file or directory

npm WARN nodeproj No description
npm WARN nodeproj No repository field.
npm WARN nodeproj No license field.
npm ERR! Linux 3.13.0-74-generic
npm ERR! argv "/home/tylercollier/.nodenv/versions/v4.2.3/bin/node" "/home/tylercollier/.nodenv/versions/v4.2.3/bin/npm" "i"
npm ERR! node v4.2.3
npm ERR! npm  v3.5.1
npm ERR! file sh
npm ERR! code ELIFECYCLE
npm ERR! errno ENOENT
npm ERR! syscall spawn
npm ERR! undefined preinstall: `lockdown`
npm ERR! spawn ENOENT

To fix, I changed it to be:

"scripts": { "preinstall": "node node_modules/.bin/lockdown" }

which seems to work fine.

I'm guessing this has something to do with my environment (Ubuntu 14.04, using node 4.2.3 with nodenv, using npm 3.5.1)? Or I must be missing something if no one else has reported this. But what's happening makes sense to me. Simply having lockdown as a preinstall script shouldn't work, unless you've added node_modules/.bin to your PATH (environment variable) or something, right? But that's not part of the README.

tylercollier commented 8 years ago

If you want to reproduce, throw this in a package.json in some empty directory and do npm install:

{
  "devDependencies": {
    "lockdown": "0.0.8-dev"
  },
  "dependencies": {
  },
  "scripts": {
    "preinstall": "lockdown"
  }
}
nickvoegeli commented 8 years ago

Seeing the same error here on OSX 10.11.3:

npm ERR! Darwin 15.2.0
npm ERR! argv "/Users/nickvoegeli/.nodenv/versions/4.2.3/bin/node" "/Users/nickvoegeli/.nodenv/versions/4.2.3/bin/npm" "install"
npm ERR! node v4.2.3
npm ERR! npm  v2.14.7
npm ERR! file sh
npm ERR! code ELIFECYCLE
npm ERR! errno ENOENT
npm ERR! syscall spawn
npm ERR! project@0.0.1 preinstall: `lockdown`
npm ERR! spawn ENOENT
vladikoff commented 8 years ago

I don't remember the context with this but it make sense that this fails because the module is not installed yet and you are trying to run this in the PREINSTALL step.

vladikoff commented 8 years ago

I'm not clear how it worked before, seems like there are some docs suggesting that it was possible before.

tylercollier commented 8 years ago

@vladikoff What your'e saying makes sense, but it can't be the issue, because I manually installed the package with npm install --save lockdown, as suggested in the readme, as step 1. So, the module is installed when the preinstall step runs. Again, you can try this with the reproduction step I gave. In an empty directory, type npm install --save lockdown. Then copy the package.json I provided into the directory and run npm install. Even though the lockdown package exists, you'll get the error.

Because I mentioned a work-around, this case can be closed, but I suggest the README should be updated with the workaround mentioned.

KellerFuchs commented 8 years ago

DISCLAIMER: I don't use Node, so I might be talking shit.

@tylercollier Sounds like either node_modules/.bin/ is not in $PATH when the hook is executed, or the lockdown file isn't set as executable or it has a wrong shebang. Can you check that?

If you don't know how, the output of ls -Al node_modules/.bin/lockdown and head node_modules/.bin/lockdown are a good start.

tylercollier commented 8 years ago

@KellerFuchs should node_modules/.bin/ be in my path? It's not mentioned in the README, nor have I seen it as a common suggestion to do so. One would have to do that for each project they work on, right?

I gave a simple set of instructions for reproduction. One person said they saw the same problem, but @vladikoff didn't mention if he tried reproducing.