npm / npm

This repository is moving to: https://github.com/npm/cli
http://npm.community

npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue #13323

Closed AgNm closed 6 years ago

AgNm commented 7 years ago

I'm opening this issue because:

I'm getting the above warning while installing cordova. How can I resolve it?

How can the CLI team reproduce the problem?

  1. Install nodejs from https://nodejs.org/en/ (v6.3.0 Current)
  2. Go to cmd
  3. Then run $ sudo npm install -g cordova

When I'm running command "$npm install -g cordova", I'm getting below warning :

npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN checkPermissions Missing write access to /Users/test/npm/lib/node_modules/cordova
npm WARN checkPermissions Missing write access to /Users/test/npm/lib/node_modules

And below errors:
npm ERR! Please try running this command again as root/Administrator.
npm ERR! Please include the following file with any support request:
npm ERR! /Users/SIPL218/npm-debug.log

supporting information:

I'm using latest version :

ihussainafridi commented 7 years ago

Please, I have the same problem ... solve this, anyone

kenany commented 7 years ago

If you run npm ls minimatch, you can see which modules are depending on that vulnerable version of minimatch. You can then ask the authors of those modules to update their minimatch dependency (or better yet you can send a PR for it yourself).

yash2code commented 7 years ago

same warning when running npm install .

kenany commented 7 years ago

@yash2code What error? The original post is regarding a warning. (comment has since been edited)

Trebohdz commented 7 years ago

I have the same warning on each npm install. Could updating minimatch globally be the solution? Just a theory, I'm new to node.

Ubiquitous-X commented 7 years ago

I am installing Node for the first time, and a Google search of the error message I got when trying an install with npm brought me here. Same as topic. It is a fresh 4.4.7 install on an Ubuntu 14.04 droplet.

FullHeleno commented 7 years ago

I'm having the same problem too.

AgNm commented 7 years ago

I'm getting below response while running npm ls minimatch

Mac-Pro:~ User$ npm ls minimatch
/Users/Test
└─┬ cordova@6.2.0
  ├─┬ cordova-common@1.3.0
  │ └── minimatch@3.0.2
  └─┬ cordova-lib@6.2.0
    ├─┬ cordova-js@4.1.4
    │ └─┬ browserify@10.1.3
    │   └─┬ glob@4.5.3
    │     └── minimatch@2.0.10
    └─┬ npm@2.15.9
      ├── minimatch@3.0.0
      └─┬ node-gyp@3.4.0
        └── minimatch@3.0.2

Please help.
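
kenany's suggestion applied to the tree AgNm posted above, as an added example that is not part of the original thread: it walks output in the shape `npm ls --json` produces and lists every dependency chain ending in a minimatch older than 3.0.2. The sample object is constructed from that posted tree, and the function names `isOlderThan` and `findOutdated` are hypothetical.

```javascript
// Added example (not from the thread): find which packages pull in a
// minimatch release older than the fixed 3.0.2.

// Constructed sample: AgNm's tree, written in the shape `npm ls --json`
// emits (package name -> { version, dependencies }).
const sampleTree = {
  dependencies: {
    cordova: { version: '6.2.0', dependencies: {
      'cordova-common': { version: '1.3.0', dependencies: {
        minimatch: { version: '3.0.2' } } },
      'cordova-lib': { version: '6.2.0', dependencies: {
        'cordova-js': { version: '4.1.4', dependencies: {
          browserify: { version: '10.1.3', dependencies: {
            glob: { version: '4.5.3', dependencies: {
              minimatch: { version: '2.0.10' } } } } } } },
        npm: { version: '2.15.9', dependencies: {
          minimatch: { version: '3.0.0' },
          'node-gyp': { version: '3.4.0', dependencies: {
            minimatch: { version: '3.0.2' } } } } } } } } },
  },
};

// Compare plain x.y.z versions numerically, so 2.0.10 sorts below 3.0.2.
// Pre-release tags are ignored, which is enough for the releases here.
function isOlderThan(version, minimum) {
  const a = version.split('-')[0].split('.').map(Number);
  const b = minimum.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Depth-first walk. Each hit records the full chain and the direct parent,
// i.e. the module whose maintainer needs to bump the dependency.
function findOutdated(tree, pkg, minimum, trail = []) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const path = trail.concat(`${name}@${node.version || 'missing'}`);
    if (name === pkg && node.version && isOlderThan(node.version, minimum)) {
      const requiredBy = trail[trail.length - 1] || '(top level)';
      hits.push({ version: node.version, requiredBy, path });
    }
    hits.push(...findOutdated(node, pkg, minimum, path));
  }
  return hits;
}

for (const hit of findOutdated(sampleTree, 'minimatch', '3.0.2')) {
  console.log(`minimatch@${hit.version} required by ${hit.requiredBy}`);
  console.log(`  ${hit.path.join(' > ')}`);
}
```

On a real project, pass the parsed output of `npm ls --json` (add `-g` for global installs) in place of `sampleTree`.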

ghost commented 7 years ago

Same exact problem. If I wait a few minutes, the install will continue.

bennycode commented 7 years ago

I'm having the same issue. For me browser-sync was requiring minimatch v2.0.10.

Luckily they already fixed it in: https://github.com/BrowserSync/browser-sync/commit/21edcc13edce9da344c06ff3f9885e6dea43f766

AgNm commented 7 years ago

Please resolve this issue...

PastestLtd commented 7 years ago

Same problem here.

PastestLtd commented 7 years ago

If I run npm ls minimatch I get the following; it means little to me, but hopefully might help someone resolve the problem...?

├─┬ chromedriver@2.21.2
│ └─┬ rimraf@2.5.3
│   └─┬ glob@7.0.5
│     └── minimatch@3.0.2
├─┬ gulp@3.9.1
│ ├─┬ liftoff@2.2.4
│ │ └─┬ findup-sync@0.3.0
│ │   └─┬ glob@5.0.15
│ │     └── minimatch@3.0.2
│ └─┬ vinyl-fs@0.3.14
│   ├─┬ glob-stream@3.1.18
│   │ └── minimatch@2.0.10
│   └─┬ glob-watcher@0.0.6
│     └─┬ gaze@0.5.2
│       └─┬ globule@0.1.0
│         └── minimatch@0.2.14
├─┬ gulp-sass@2.3.2
│ └─┬ node-sass@3.8.0
│   ├─┬ gaze@1.1.0
│   │ └─┬ globule@1.0.0
│   │   └── minimatch@3.0.2
│   ├─┬ glob@7.0.5
│   │ └── minimatch@3.0.2
│   └─┬ node-gyp@3.4.0
│     └── minimatch@3.0.2
├─┬ jasmine@2.4.1
│ └─┬ glob@3.2.11
│   └── minimatch@0.3.0
├─┬ karma@0.12.37
│ ├─┬ chokidar@1.6.0
│ │ ├─┬ fsevents@1.0.12
│ │ │ ├─┬ fstream-ignore@1.0.3
│ │ │ │ └── minimatch@3.0.0
│ │ │ └─┬ rimraf@2.5.2
│ │ │   └─┬ glob@7.0.3
│ │ │     └── minimatch@3.0.0
│ │ └─┬ readdirp@2.1.0
│ │   └── minimatch@3.0.2
│ ├── minimatch@2.0.10
│ └─┬ rimraf@2.5.3
│   └─┬ glob@7.0.5
│     └── minimatch@3.0.2
├─┬ phantomjs@1.9.20
│ └─┬ fs-extra@0.26.7
│   └─┬ rimraf@2.5.3
│     └─┬ glob@7.0.5
│       └── minimatch@3.0.2
├─┬ replace@0.3.0
│ └── minimatch@0.2.14
└─┬ selenium-webdriver@2.53.3
  └─┬ rimraf@2.5.3
    └─┬ glob@7.0.5
      └── minimatch@3.0.2

ghost commented 7 years ago

Cordova-JS has a dependency on an older version of Browserify that uses the older versions of Minimatch. I put in a JIRA ticket for Cordova-JS to fix this, hopefully it is fixed quickly.

gwoodbridge commented 7 years ago

I'm having the same issue. When I run npm ls minimatch, I get this

└── (empty)

npm ERR! code 1

Lincolnerson commented 7 years ago

I got the same issue. But then I ran the command 'npm cordova -v' to check whether it's installed or not, and yes, it was installed. I had the same issue while installing phonegap, but then I found that it's installed too. Can you check in your workspace?

AgNm commented 7 years ago

@Lincolnerson by running command 'npm cordova -v', you are getting npm version... not cordova... please cross check.

Lincolnerson commented 7 years ago

Yes, agree with you. Made a mistake. But have you checked whether cordova is installed or not? Let me know if I have misunderstood anything. I am new to this.

AgNm commented 7 years ago

Yes, I have checked... it is not getting installed

Lincolnerson commented 7 years ago

This is what I had while trying to install phonegap:

$ npm install -g phonegap@latest
npm WARN deprecated lodash@1.0.2: lodash@<3.0.0 is no longer maintained. Upgrade to lodash@^4.0.0.
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@3.0.8: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
npm WARN deprecated graceful-fs@1.2.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
C:\Users\Administrator\AppData\Roaming\npm\phonegap -> C:\Users\Administrator\AppData\Roaming\npm\node_modules\phonegap\bin\phonegap.js
phonegap@6.2.9 C:\Users\Administrator\AppData\Roaming\npm\node_modules\phonegap
├── pluralize@0.0.4
├── opener@1.4.1
├── colors@0.6.0-1
├── semver@1.1.0
├── minimist@0.1.0
├── qrcode-terminal@0.9.4
├── shelljs@0.1.4
├── update-notifier@0.6.3 (is-npm@1.0.0, semver-diff@2.1.0, configstore@2.0.0, chalk@1.1.3, boxen@0.3.1, latest-version@2.0.0)
├── prompt@0.2.11 (revalidator@0.1.8, pkginfo@0.4.0, read@1.0.7, winston@0.6.2, utile@0.2.1)
├── phonegap-build@0.10.0 (colors@0.6.2, qrcode-terminal@0.8.0, shelljs@0.0.9, optimist@0.3.7, phonegap-build-api@0.4.0)
├── insight@0.8.2 (object-assign@4.1.0, async@1.5.2, tough-cookie@2.2.2, node-uuid@1.4.7, lodash.debounce@3.1.1, chalk@1.1.3, configstore@1.4.0, os-name@1.0.3, request@2.73.0, inquirer@0.10.1)
├── connect-phonegap@0.21.7 (home-dir@0.1.2, ip@0.3.1, connect-inject@0.3.2, adm-zip@0.4.7, walkdir@0.0.8, shelljs@0.2.6, request-progress@0.3.1, http-proxy@1.8.1, useragent@2.0.8, localtunnel@1.3.0, node-static@0.7.0, gaze@0.4.3, tar@0.1.19, request@2.33.0, socket.io@1.4.6, archiver@0.14.3, connect@2.12.0)
└── cordova@6.1.1 (underscore@1.7.0, q@1.0.1, ansi@0.3.1, nopt@3.0.1, update-notifier@0.5.0, cordova-common@1.3.0, cordova-lib@6.1.1)

########################################################################
-> then I ran the following commands:
npm update minimatch@3.0.2
npm update lodash@3.0.0
npm update graceful@3.0.0

########################################################################
-> then installed cordova
npm install -g cordova

########################################################################
-> installed phonegap
npm install -g phonegap@latest

########################################################################
After all this I have checked whether both are installed or not and I am getting the following result:
$ phonegap
(node:7528) fs: re-evaluating native module sources is not supported. If you are using the graceful-fs module, please update it to a more recent version.

How you use PhoneGap provides us with important data that we can use to make our products better. Please read our privacy policy for more information on the data we collect. http://www.adobe.com/privacy.html

Analytics is off. If you would like to turn analytics on, simply run phonegap analytics on

Usage: phonegap [options] [commands]

Description:

PhoneGap command-line tool.

Commands:

help [command]       output usage information
create               create a phonegap project
build                build the project for a specific platform
install              install the project on for a specific platform
run                  build and install the project for a specific platform
platform [command]   update a platform version
plugin [command]     add, remove, and list plugins
template [command]   list available app templates
info                 display information about the project
serve                serve a phonegap project
version              output version number
push                 send test push notification
analytics            turn analytics on or off, or view current status

Additional Commands:

local [command]      development on local system
remote [command]     development in cloud with phonegap/build
prepare              copies www/ into platform project before compiling
compile              compiles platform project without preparing it
emulate              runs the project with the flag --emulator
cordova              execute of any cordova command

Options:

-d, --verbose         allow verbose output
-v, --version         output version number
-h, --help            output usage information
--no-update-notifier  disable update notifier, to opt-out of update-notifier change the 'optOut' property to 'true' in ~/.config/configstore/update-notifier-phonegap.yml

Examples:

$ phonegap help create
$ phonegap create path/to/my-app
$ cd my-app/
$ phonegap run ios
$ phonegap analytics on

########################################################################
$ cordova

You have been opted out of telemetry. To change this, run: cordova telemetry on.

Synopsis

cordova command [options]

Global Commands
create ............................. Create a project
help ............................... Get help for a command
telemetry .......................... Turn telemetry collection on or off

Project Commands
info ............................... Generate project information
requirements ....................... Checks and print out all the requirements for platforms specified

platform ........................... Manage project platforms
plugin ............................. Manage project plugins

prepare ............................ Copy files into platform(s) for building
compile ............................ Build platform(s)
clean .............................. Cleanup project from build artifacts

run ................................ Run project
                                        (including prepare && compile)
serve .............................. Run project with a local webserver
                                        (including prepare)

Learn more about command options using 'cordova help '

Aliases
build -> cordova prepare && cordova compile
emulate -> cordova run --emulator

Options
-v, --version ...................... prints out this utility's version
-d, --verbose ...................... debug mode produces verbose log output for all activity,
--no-update-notifier ............... disables check for CLI updates
--nohooks .......................... suppress executing hooks (taking RegExp hook patterns as parameters)

Examples
cordova create myApp org.apache.cordova.myApp myApp
cordova plugin add cordova-plugin-camera --save
cordova platform add android --save
cordova requirements android
cordova build android --verbose
cordova run android
cordova build android --release -- --keystore="..\android.keystore" --storePassword=android --alias=mykey

luannnh commented 7 years ago

I got the same error.

[root@localhost leaflet-1.0.0-rc.1]# npm install -g jake
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
/opt/node-v6.3.0-linux-x64/bin/jake -> /opt/node-v6.3.0-linux-x64/lib/node_modules/jake/bin/cli.js
/opt/node-v6.3.0-linux-x64/lib
└─┬ jake@8.0.12
  ├── async@0.9.2
  ├─┬ chalk@0.4.0
  │ ├── ansi-styles@1.0.0
  │ ├── has-color@0.1.7
  │ └── strip-ansi@0.1.1
  ├─┬ filelist@0.0.4
  │ ├── minimatch@0.3.0
  │ └── utilities@0.0.37
  ├─┬ minimatch@0.2.14
  │ ├── lru-cache@2.7.3
  │ └── sigmund@1.0.1
  └── utilities@1.0.4

[root@localhost leaflet-1.0.0-rc.1]# npm -v
3.10.3
[root@localhost leaflet-1.0.0-rc.1]# node -v
v6.3.0
[root@localhost leaflet-1.0.0-rc.1]# npm ls minimatch
leaflet@1.0.0-rc.1 /opt/leaflet-1.0.0-rc.1
└── (empty)

kenany commented 7 years ago

@luannnh I think you mean to do npm ls -g minimatch?

luannnh commented 7 years ago

@KenanY: Actually, I'm trying to install Leaflet npm install -g jake and I got the same error npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

AgNm commented 7 years ago

Developers please help asap... most of the people are facing this issue... My bad... I'm unable to proceed...

kenany commented 7 years ago

@luannnh Sorry, I was referring to npm ls minimatch returning "(empty)". Anyways I don't see an error in your output, what you are seeing is a warning, which shouldn't interfere with installation (although of course it is generally a good idea to resolve a warning).

Anurag0502 commented 7 years ago

Just type in "npm install -g minimatch@3.0.2" (without the quotes). That will do.

boyzxshakil commented 7 years ago

Thanks Anurag, it's working

chipbk10 commented 7 years ago

No, it's not working @boyzxshakil. The warning shows up again when you come to install cordova.

mathewjonn commented 7 years ago

I have the same problem

itskawsar commented 7 years ago

I had this problem and solved by typing following command: npm install -g npm

The command basically will update your npm and hope it will solve your problem too. :)

todor2810 commented 7 years ago

@itskawsar It didn't work for me. I even ran sudo npm cache clean -f just in case. I'm still seeing the same error.

johnnysurf commented 7 years ago

Thanks Anurag, worked for me. ;)

ghost commented 7 years ago

Didn't work for me :( I'm getting npm ERR! argv, errno-4058, etc

kul1010 commented 7 years ago

Thanks Anurag!!!!! updated minimatch.......

Trebohdz commented 7 years ago

Far as I understand this warning message means that the module you want to install does not use an updated version of minimatch, completely dependent on developers, in my case it happened installing browsersync, but like I say it was only a warning.

dumpling001 commented 7 years ago

I tried as @Anurag0502 's instruction,

$ npm install -g minimatch@3.0.2

minimatch@3.0.2 /Users/.../.nvm/versions/node/v4.4.7/lib/node_modules/minimatch
└── brace-expansion@1.1.6 (balanced-match@0.4.2, concat-map@0.0.1)

then $ npm -v minimatch

2.15.8

next $ hexo init dumpling001.github.io

INFO Cloning hexo-starter to ~/Public/dumpling001.github.io
fatal: destination path '/Users/.../Public/dumpling001.github.io' already exists and is not an empty directory.
WARN git clone failed. Copying data instead
INFO Install dependencies
INFO Start blogging with Hexo!

The WARNING disappeared.

boyzxshakil commented 7 years ago

@chipbk10 I just followed Anurag's instruction and it works. You may uninstall npm then install it again. Hope that will work.

actechllc commented 7 years ago

This is what I get:
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN install:q ENOENT: no such file or directory, rename 'C:\Users\asafc\AppData\Roaming\npm\node_modules\cordova\node_modules\cordova-fetch\node_modules\q' -> 'C:\Users\asafc\AppData\Roaming\npm\node_modules\cordova\node_modules\cordova-fetch\node_modules\q'
q@1.4.1 node_modules\cordova\node_modules\cordova-fetch\node_modules\q -> node_modules\cordova\node_modules\cordova-fetch\node_modules\q

npm ERR! code 1
C:\Users\asafc\Documents\GitHub\Winnerz-App> npm ls minimatch
WinnerZ@ C:\Users\asafc\Documents\GitHub\Winnerz-App
└─┬ rimraf@2.5.2
  └─┬ glob@7.0.3
    └── minimatch@3.0.0

I tried Anurag solution and it didn't work :(

Anyone???

erhanyasar commented 7 years ago

2952 same here, I even uninstalled npm and deleted the "node_modules" files even though I don't know if it will cause another fault. It's not working till now even though I reinstalled and tried. Npm@twitter said it will be ok around today to update the packages hopefully...

ankit007pandit commented 7 years ago

same issue

npm install -g cordova ionic

npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

Waiting for a solution, I need to work on cordova.

Please, can anyone provide a solution for this as soon as possible? I have a deadline to meet.

sundeepNIIT commented 7 years ago

Thanks Anurag, it helped me.

sundeepNIIT commented 7 years ago

Hello Ankit, Solution listed above by Anurag "npm install -g minimatch@3.0.2" should work for you

ankit007pandit commented 7 years ago

@Sundeep

Thanks that worked

kiingHongkong commented 7 years ago

Thanks @itskawsar! I was trying to install jsHint

I had this problem and solved by typing following command: npm install -g npm

The command basically will update your npm and hope it will solve your problem too. :)

worked for me! cheers

cgcb commented 7 years ago

Guys, all you're doing when you issue npm -v minimatch is reporting back the version of NPM that's installed.

If you want to determine what version of a specific package is installed, you need to issue:

npm view minimatch version

To update to the most recent version of minimatch, issue:

npm update -g minimatch

alsatian commented 7 years ago

I wanted to update cordova and got the same error, tried all the above and it didn't work the only thing that worked for me was updating everything (all global packages)

npm update -g

which also updated cordova for me. More here: updating-global-packages

yakiKobong commented 7 years ago

This happened when I was trying to install ionic.

exonent commented 7 years ago

Hi guys, if you want a solution:

Uninstall all deprecated errors, as npm uninstall -g minimatch lodash cross-spawn-async etc... then go to CCleaner tool and clean "Registry" with all checkboxes. Finally use the same command, but change uninstall -> install

erhanyasar commented 7 years ago

Pls stop repeating it's worked, it's bcs they updated and it doesn't fail anymore.

IsraelSistemas commented 7 years ago

Follow these steps please, this should work:

npm uninstall -g npm-check-updates
npm install -g npm-check-updates
npm cache clean
npm install readable-stream -g
npm uninstall cordova
npm uninstall cordova -g
npm cache clean
npm install -g cordova