npm / cli

the package manager for JavaScript
https://docs.npmjs.com/cli/

[BUG] NPM audit command fail with Invalid Version error #4947

Open amkhan32 opened 2 years ago

amkhan32 commented 2 years ago

Is there an existing issue for this?

This issue exists in the latest npm version

Current Behavior

When I run sudo npm audit fix it fails like so:

zaci_dev@b5268ab2ee19:/home/amk/appliance/src/zaci_sw/bcSW/bc-reactux/appliance-react-ui$ sudo npm audit fix
npm ERR! Invalid Version: ^5.2.0

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2022-05-26T21_04_56_010Z-debug.log

Upon looking at the logs, this is what I get:

64 verbose stack TypeError: Invalid Version: ^5.2.0
64 verbose stack     at new SemVer (/usr/local/lib/nodejs/node-v16.13.2-linux-s390x/lib/node_modules/npm/node_modules/semver/classes/semver.js:38:13)
64 verbose stack     at compare (/usr/local/lib/nodejs/node-v16.13.2-linux-s390x/lib/node_modules/npm/node_modules/semver/functions/compare.js:3:32)
64 verbose stack     at Object.gte (/usr/local/lib/nodejs/node-v16.13.2-linux-s390x/lib/node_modules/npm/node_modules/semver/functions/gte.js:2:30)
64 verbose stack     at CanPlaceDep.checkCanPlaceCurrent (/usr/local/lib/nodejs/node-v16.13.2-linux-s390x/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/can-place-dep.js:173:51)
64 verbose stack     at CanPlaceDep.checkCanPlace (/usr/local/lib/nodejs/node-v16.13.2-linux-s390x/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/can-place-dep.js:157:27)
64 verbose stack     at new CanPlaceDep (/usr/local/lib/nodejs/node-v16.13.2-linux-s390x/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/can-place-dep.js:114:26)
64 verbose stack     at PlaceDep.place (/usr/local/lib/nodejs/node-v16.13.2-linux-s390x/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/place-dep.js:121:19)
64 verbose stack     at new PlaceDep (/usr/local/lib/nodejs/node-v16.13.2-linux-s390x/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/place-dep.js:71:10)
64 verbose stack     at /usr/local/lib/nodejs/node-v16.13.2-linux-s390x/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js:944:31
64 verbose stack     at Array.map (<anonymous>)
65 verbose cwd /home/amk/appliance/src/zaci_sw/bcSW/bc-reactux/appliance-react-ui
66 verbose Linux 5.4.0-86-generic
67 verbose argv "/usr/local/lib/nodejs/node-v16.13.2-linux-s390x/bin/node" "/usr/bin/npm" "audit" "fix"
68 verbose node v16.13.2
69 verbose npm  v8.1.2
70 error Invalid Version: ^5.2.0

Expected Behavior

The command should try to fix vulnerabilities, and if a manual fix is needed, the user should be informed in subsequent output.

Steps To Reproduce

  1. In Ubuntu 20.04 on s390 machine
  2. Using node v16.13.2 and npm v8.1.2
  3. Run 'sudo npm audit fix'
  4. See error mentioned above

Environment

ljharb commented 2 years ago

What's the "version" field say in your package.json?

amkhan32 commented 2 years ago

@ljharb This is the package.json:

{
    "name": "ssc_react_ux",
    "version": "0.1.0",
    "private": true,
    "homepage": "./",
    "dependencies": {
        "@carbon/colors": "^10.9.2",
        "@carbon/grid": "^10.10.2",
        "@carbon/icons": "^10.10.2",
        "@carbon/icons-react": "^10.10.2",
        "@carbon/layout": "^10.9.2",
        "@carbon/type": "^10.10.2",
        "carbon-components": "^10.11.2",
        "carbon-components-react": "^7.11.3",
        "carbon-icons": "^7.0.7",
        "i18next": "^21.6.11",
        "i18next-browser-languagedetector": "^3.1.1",
        "react": "^16.13.1",
        "react-dom": "^16.13.1",
        "react-reveal": "^1.2.2",
        "react-router-dom": "^5.1.2"
    },
    "scripts": {
        "start": "react-scripts start",
        "build": "react-scripts build",
        "test": "react-scripts test --env=jsdom --transformIgnorePatterns \"node_modules/(?!(@carbon/icons-react)/)\"",
        "eject": "react-scripts eject",
        "preinstall": "sudo npx npm-force-resolutions"
    },
    "eslintConfig": {
        "extends": "react-app"
    },
    "browserslist": {
        "production": [
            ">0.2%",
            "not dead",
            "not op_mini all"
        ],
        "development": [
            "last 1 chrome version",
            "last 1 firefox version",
            "last 1 safari version"
        ]
    },
    "devDependencies": {
        "babel-core": "^7.0.0-bridge.0",
        "babel-jest": "^24.9.0",
        "browserslist": "^4.16.6",
        "css-what": "^5.0.1",
        "enzyme-adapter-react-16": "^1.15.2",
        "glob-parent": "^6.0.0",
        "react-i18next": "^11.15.4",
        "jest": "^26.6.3",
        "jest-enzyme": "^7.1.2",
        "normalize-url": "^6.1.0",
        "trim-newlines": "^4.0.2",
        "ws": "^7.5.0",
        "tar": "^6.1.11",
        "npm-force-resolutions": "^0.0.10",
        "enzyme": "^3.11.0",
        "lodash": "^4.17.21",
        "node-sass": "^7.0.1",
        "react-scripts": "^5.0.0",
        "sass-loader": "^7.3.1"
    },
    "resolutions": {
        "css-what": "^5.0.1",
        "ws": "^7.5.0",
        "normalize-url": "^6.1.0",
        "browserslist": "^4.16.6",
        "glob-parent": "^6.0.0",
        "trim-newlines": "^4.0.2",
        "set-value": "^4.1.0",
        "nth-check": "^2.0.1",
        "tar": "^6.1.11",
        "immer": "^9.0.6",
        "ansi-regex": "^5.0.1",
        "json-schema": "^0.4.0",
        "postcss": "^8.4.6"
    }
}

gt-novelt commented 2 years ago

I am experiencing the same issue but with a different version:

npm ERR! Invalid Version: 3.011.0

I cannot find any reference to that version in either package.json or package-lock.json.

amkhan32 commented 2 years ago

@gt-novelt No workaround as of yet :(

gt-novelt commented 2 years ago

> @gt-novelt No workaround as of yet :(

Thanks.

I had to use npm install --no-audit although it would still install packages. The audit error would break my install script.

amkhan32 commented 2 years ago

@ljharb Any updates?

ljharb commented 2 years ago

@amkhan32 i don't maintain npm, so no, no updates - just like everywhere else on github, if there were updates, they'd be posted on the issue, and asking if there's updates is always spam.

kylemochrie commented 2 years ago

> I am experiencing the same issue but with a different version:
>
> npm ERR! Invalid Version: 3.011.0
>
> I cannot find any reference to that version in either package.json or package-lock.json.

Had this same issue and was able to resolve it. If you're using json2 as a dependency try changing the version from "*" to "0.1.0" instead. References to version "*" seemed to be causing issues.

amkhan32 commented 2 years ago

> @amkhan32 i don't maintain npm, so no, no updates - just like everywhere else on github, if there were updates, they'd be posted on the issue, and asking if there's updates is always spam.

Sure @ljharb . Sorry for that.

amkhan32 commented 2 years ago

> > I am experiencing the same issue but with a different version:
> >
> > npm ERR! Invalid Version: 3.011.0
> >
> > I cannot find any reference to that version in either package.json or package-lock.json.
>
> Had this same issue and was able to resolve it. If you're using json2 as a dependency try changing the version from "*" to "0.1.0" instead. References to version "*" seemed to be causing issues.

I don't have a "*" in my package.json, however I am using "^", but I feel the problem is deeper. Because even removing the caret does not help me.

amkhan32 commented 2 years ago

This also happens for npm install.

Anutrix commented 11 months ago

Same issue on latest npm and node 20.
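
A diagnostic sketch for the errors reported in this thread, added here as an example and not taken from npm or from any commenter: it walks a parsed lockfile and reports every "version" field that is not an exact semver version, which is the kind of value (`^5.2.0`, `3.011.0`) the stack trace shows `new SemVer` rejecting. The names `classify`, `findInvalidVersions`, `sampleLock` and the `pkg-*` packages are hypothetical, and the sample lockfile is constructed.

```javascript
// Added example: find lockfile "version" fields that a strict semver parser rejects.
// Grammar from semver.org; node-semver additionally tolerates a leading "v".
const STRICT_SEMVER = /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(?:\+[0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*)?$/;
// Maps of package name -> range; a string value under these keys is a range by design.
const RANGE_MAPS = new Set(['dependencies', 'devDependencies', 'optionalDependencies',
  'peerDependencies', 'requires', 'engines', 'resolutions']);

function classify(value) {
  if (STRICT_SEMVER.test(value)) return null;
  if (/[:\/]/.test(value)) return null; // URL, git or file spec (lockfile v1 stores these here)
  if (value === '' || /^[\^~<>=*xX]|\|\||\s/.test(value)) return 'range where an exact version is expected';
  if (/(^|\.)0\d/.test(value)) return 'numeric part with a leading zero';
  return 'not a valid semver version';
}

function findInvalidVersions(node, path = [], inRangeMap = false, out = []) {
  for (const [key, value] of Object.entries(node)) {
    const here = path.concat(key);
    if (value !== null && typeof value === 'object') {
      // Nested package entries are objects; only direct string values of a range map are ranges.
      findInvalidVersions(value, here, RANGE_MAPS.has(key), out);
    } else if (key === 'version' && typeof value === 'string' && !inRangeMap) {
      const reason = classify(value);
      if (reason) out.push({ path: here.join(' > '), value, reason });
    }
  }
  return out;
}

// Constructed sample mixing lockfile v2 ("packages") and v1 ("dependencies") layouts.
const sampleLock = {
  name: 'constructed-app', version: '0.1.0', lockfileVersion: 2,
  packages: {
    '': { name: 'constructed-app', version: '0.1.0', dependencies: { version: '^1.0.0' } },
    'node_modules/pkg-a': { version: '^5.2.0' },
    'node_modules/pkg-b': { version: '3.011.0' },
    'node_modules/pkg-c': { version: '7.0.0-bridge.0', engines: { node: '>=6' } },
  },
  dependencies: {
    'pkg-a': { version: '^5.2.0', requires: { 'pkg-c': '^7.0.0-bridge.0' } },
    'pkg-d': { version: 'github:example/pkg-d#0123abc' },
  },
};

for (const f of findInvalidVersions(sampleLock)) {
  console.log(`${f.path}: "${f.value}" (${f.reason})`);
}
```

To check a real project, pass the parsed contents of package-lock.json to `findInvalidVersions`; the same function also works on each parsed `node_modules/*/package.json`, which is where to look when the rejected string appears in neither package.json nor the lockfile.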