npm / npm

This repository is moving to: https://github.com/npm/cli
http://npm.community

npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue #13323

Closed AgNm closed 6 years ago

AgNm commented 7 years ago

I'm opening this issue because:

I'm getting the above warning while installing cordova. How can I resolve it?

How can the CLI team reproduce the problem?

  1. Install nodejs from https://nodejs.org/en/ (v6.3.0 Current)
  2. Go to cmd
  3. Then run $ sudo npm install -g cordova

When I'm running command "$npm install -g cordova", I'm getting below warning :

npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN checkPermissions Missing write access to /Users/test/npm/lib/node_modules/cordova
npm WARN checkPermissions Missing write access to /Users/test/npm/lib/node_modules

And below errors:

npm ERR! Please try running this command again as root/Administrator.
npm ERR! Please include the following file with any support request:
npm ERR! /Users/SIPL218/npm-debug.log

supporting information:

I'm using latest version :

RodrigoRMG commented 7 years ago

The only way that I can resolve this was reinstalling node :/

IshanDemon commented 7 years ago

Try this:

$ npm update minimatch
$ npm -v minimatch
$ npm install -g npm@3
$ npm -v minimatch

hiteshkumar2187 commented 7 years ago

Thanks @Anurag0502 that worked for me as well

cheyschneider commented 7 years ago

@IshanDemon thank you. That worked for me. I appreciate it!

ozcanyarimdunya commented 7 years ago

  1. npm update
  2. npm update -g
  3. npm -v minimatch

This worked for me!

AlexLearnsGitHub commented 7 years ago

@ozcaan11 note that, as mentioned by @cgcb, "npm -v minimatch" does not do what you expect it to do.

martinsk09 commented 7 years ago

Hello, I had the same problem. This is how I solved it: run npm install -g npm, and after the update run your command again.

SrinivasanBalan commented 7 years ago

Hello, I tried everything mentioned above but I still got the same error when running npm install -g protractor

SrinivasanBalan commented 7 years ago

Please any one to help this 15-09-2016 16-31-02

spyshow commented 7 years ago

Hi, I have the same error, minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue, even though when I run npm ls -g minimatch it gives me minimatch 3.0.2

JagatheswaranSelvakumar commented 7 years ago

Hi All,

I have the same error. This is the listing when I ran this command:

npm ls -g minimatch
minimatch@3.0.2
├─┬ npm@3.10.7
│ ├─┬ fstream-npm@1.1.1
│ │ └─┬ fstream-ignore@1.0.5
│ │   └── minimatch@3.0.3
│ ├─┬ glob@7.0.5
│ │ └── minimatch@3.0.3
│ ├─┬ init-package-json@1.9.4
│ │ └─┬ glob@6.0.4
│ │   └── minimatch@3.0.3
│ ├─┬ node-gyp@3.4.0
│ │ └── minimatch@3.0.3
│ └─┬ read-package-json@2.0.4
│   └─┬ glob@6.0.4
│     └── minimatch@3.0.3
└─┬ protractor@4.0.8
  ├─┬ glob@7.1.0
  │ └── minimatch@3.0.3
  └─┬ jasmine@2.4.1
    └─┬ glob@3.2.11
      └── minimatch@0.3.0

npm install -g protractor
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

prashmi9 commented 7 years ago

Hi, I am facing the same problem. I uninstalled node and npm and re-installed; after this I was able to update minimatch 3.10.8

npm -v minimatch
3.10.8

When I run sudo npm install -g cordova I still get the same error.

npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

Then I tried npm ls minimatch and get this

/usr/local/bin
└── (empty)

npm ERR! code 1

I am unable to install cordova despite having all latest versions. Please help.

kul1010 commented 7 years ago

@prashmi9 , @JagatheswaranSelvakumar

Use the command below in the particular App/project directory in which you want to install:

npm install minimatch@3.0.2

or globally, use -g:

npm install -g minimatch@3.0.2

where 3.0.2 is latest version name. You can change it according to the error.

tevinmickens commented 7 years ago

You may need to change your npm permissions. This worked for me!

macheema commented 7 years ago

list dependencies for minimatch

npm ls minimatch

├─┬ karma@0.13.22
│ └── minimatch@3.0.3
└─┬ protractor@3.3.0
  ├─┬ glob@6.0.4
  │ └── minimatch@3.0.3
  ├─┬ jasmine@2.4.1
  │ └─┬ glob@3.2.11
  │   └── minimatch@0.3.0
  └─┬ selenium-webdriver@2.52.0
    └─┬ rimraf@2.5.4
      └─┬ glob@7.1.1
        └── minimatch@3.0.3

Here it is, the deprecated dependency of minimatch. Go to yourApp/node_modules/protractor/node_modules/jasmine/node_modules/glob

Open the package.json file and update the minimatch dependency to a higher version

and reinstall the package.

If you face a dependency compatibility issue, google the currently supported version of node-modules

usos0k commented 7 years ago

Try npm install minimatch@latest

tiagosardi commented 7 years ago

thanks, @Anurag0502.

anasabufarraj commented 7 years ago

Hey guys just do this to update the mismatch:

$ npm install -g npm@latest (6.8.1 recommended)
$ npm install -g minimatch@latest
$ npm install -g cordova

No issue should arise.

Shakyamuni177te commented 7 years ago

This also happens with forever.js. Unfortunately, though it's been fixed at the forever-monitor dependency level, the forever library has not updated to the latest version, and any pull requests updating the forever library to use the latest forever-monitor, with the latest version of minimatch, seem to fail the Travis Continuous Integration tests at present...

More generally: the proper solution to this is for all libraries utilising minimatch to update their dependencies. If this does not happen (unlikely given the number of dependent repos) then the solutions offered, e.g.:

sudo npm install -g npm

and

sudo npm install -g minimatch

Will work, but:

Note that as it stands if anyone runs npm install from a cloned version of your repository they will end up with the old, vulnerable version of minimatch and will see the error message warning them of a vulnerability.

Thus I would suggest anyone with a dependency that's throwing this error should add a line in any README.md or similar, suggesting users of your repo run:

sudo npm install -g npm

and

sudo npm install -g minimatch

If the majority of people do this we should avoid a potential community-wide security problem.

ranjithsiji commented 7 years ago

Done these things

$ npm install -g npm@latest (6.8.1 recommended)
$ npm install -g minimatch@latest
$ npm install -g cordova

But another error

npm WARN update-linked node_modules/minimatch/node_modules/brace-expansion needs updating to 1.1.6 from 1.1.3 but we can't, as it's a symlink

What to do

cmabdullah commented 7 years ago

Minimatch version has updated by me but still warn!!!

$ npm view minimatch version
3.0.3
$ npm install -g gulp
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@1.2.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
C:\Users\nazmul\AppData\Roaming\npm\gulp -> C:\Users\nazmul\AppData\Roaming\npm\node_modules\gulp\bin\gulp.js
C:\Users\nazmul\AppData\Roaming\npm
`-- gulp@3.9.1

ghost commented 7 years ago

I don't think there is anything you can do about the minimatch warnings. As far as I'm aware, there are dependencies within gulp that use specific old versions of minimatch, so updating the installed version won't help.

Ryan Waldman



cmabdullah commented 7 years ago

Still WARN!!!! How do I fix it?

$ npm install -g npm@latest
C:\Users\nazmul\AppData\Roaming\npm\npm -> C:\Users\nazmul\AppData\Roaming\npm\node_modules\npm\bin\npm-cli.js
C:\Users\nazmul\AppData\Roaming\npm
`-- npm@4.0.2

$ npm install -g minimatch@3.0.2
C:\Users\nazmul\AppData\Roaming\npm
`-- minimatch@3.0.2

$ npm install -g graceful-fs@^4.0.0
C:\Users\nazmul\AppData\Roaming\npm
`-- graceful-fs@4.1.11

$ gulp --version
[20:47:02] CLI version 3.9.1

$ npm install -g gulp
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@1.2.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
C:\Users\nazmul\AppData\Roaming\npm\gulp -> C:\Users\nazmul\AppData\Roaming\npm\node_modules\gulp\bin\gulp.js
C:\Users\nazmul\AppData\Roaming\npm
`-- gulp@3.9.1

englishextra commented 7 years ago

@disneythunder

npm -g ls minimatch
npm -g update npm

cmabdullah commented 7 years ago

Still WARN!!!!

$ npm -g ls minimatch
C:\Users\nazmul\AppData\Roaming\npm
+-- cordova@6.4.0
| +-- cordova-common@1.5.1
| | `-- minimatch@3.0.3
| `-- cordova-lib@6.4.0
|   `-- npm@2.15.11
|     `-- minimatch@3.0.3
+-- gulp@3.9.1
| `-- vinyl-fs@0.3.14
|   +-- glob-stream@3.1.18
|   | `-- minimatch@2.0.10
|   `-- glob-watcher@0.0.6
|     `-- gaze@0.5.2
|       `-- globule@0.1.0
|         `-- minimatch@0.2.14
+-- minimatch@3.0.2
`-- npm@4.0.2
  +-- fstream-npm@1.2.0
  | `-- fstream-ignore@1.0.5
  |   `-- minimatch@3.0.3
  +-- glob@7.1.1
  | `-- minimatch@3.0.3
  +-- init-package-json@1.9.4
  | `-- glob@6.0.4
  |   `-- minimatch@3.0.3
  +-- node-gyp@3.4.0
  | `-- minimatch@3.0.3
  `-- read-package-json@2.0.4
    `-- glob@6.0.4
      `-- minimatch@3.0.3

$ npm install -g gulp
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@1.2.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
C:\Users\nazmul\AppData\Roaming\npm\gulp -> C:\Users\nazmul\AppData\Roaming\npm\node_modules\gulp\bin\gulp.js

yefuchao commented 7 years ago

$ npm install -g npm

It can work.

ghost commented 7 years ago

I lost 1 day to solve it, but finally I get it.

  1. uninstall ionic ( $sudo npm uninstall ionic ) * -> if use ionic
  2. uninstall cordova ( $sudo npm uninstall cordova ) <-- this is most important
  3. uninstall nodejs or reinstall new version
  4. install cordova ( $sudo npm install -g cordova )
  5. install ionic ( $sudo npm install -g ionic@beta <-- I get it and run normally )
  6. test your node version ( $node -v )
  7. test your npm version ( $npm -v )

By now, you must use commands in your terminal with (sudo / root-Administrator / todo). I do it this way; try the same and see if it works.

Ravirajadrangi commented 7 years ago

Create a new angulardata folder and do npm install and its done.

FrontPaw-Dev commented 7 years ago

I thought I'd join the conversation for those who may not have found the correct solution yet. Granted, I am new to using the command line prompt for front-end development and using it to install Command line front-end dev tools. I received the same warning errors as everyone else when I was trying to install Gulp via the command line. This is how I found this thread.

However, when I typed in "sudo npm install -g gulp-cli" without the quotes, and hit return, I received no errors at all.

The key was adding the -cli to the end of gulp. Now I can not say this will be successful for all of the task runners everyone here are trying to install, but it worked for me.

I was watching a tutorial from Morton on using sass with -underscores and noticed when he was installing grunt globally, he added the -cli. On a hunch, I thought maybe it will work with gulp since they are almost the same and it installed without any errors. I'd be curious if this helps everyone since this is my first attempt at contributing back to the community. I'd appreciate updates in your comments if it solved your problems like it did mine.

At the end of the day, sometimes we are so deep into our own code we over think what sometimes ends up being a simple solution.

ErisoHV commented 7 years ago

This worked for me: npm install -g npm

legodude17 commented 7 years ago

@SwapnilAkolkar please be more respectful. Also, what you are saying is not related to npm.

wellington1993 commented 7 years ago

I think the problem is related to specific packages' dependencies, for example ember-cli:

➜  sudo npm install -g ember-cli  
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
/usr/local/bin/ember -> /usr/local/lib/node_modules/ember-cli/bin/ember
/usr/local/lib
└── ember-cli@2.12.0

iagofrota commented 7 years ago

Thanks Anurag, worked for me!

valeroAlbatera commented 7 years ago

Hi Everybody!!

I'm trying to fix this problem, but I can't do it!! I tried all the options that people commented here, but none of them worked for me. Some help, please?

anshuldawar commented 7 years ago

Same Problem

braianj commented 7 years ago

Hello same problem here look at this

$ sudo npm install -g ionic
Password:
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
npm WARN deprecated node-uuid@1.3.3: Use uuid module instead
/usr/local/lib
└── (empty)

npm WARN In ionic@2.2.2 replacing bundled version of mime-types with mime-types@2.0.14
npm WARN In ionic@2.2.2 replacing bundled version of cross-spawn with cross-spawn@4.0.2
npm WARN In ionic@2.2.2 replacing bundled version of semver with semver@4.2.0
npm WARN In ionic@2.2.2 replacing bundled version of form-data with form-data@0.2.0
npm WARN In ionic@2.2.2 replacing bundled version of request with request@2.51.0
npm WARN In ionic@2.2.2 replacing bundled version of ionic-app-lib with ionic-app-lib@2.2.1
npm ERR! path /usr/local/lib/node_modules/.staging/ansi-392b32ed
npm ERR! code ENOENT
npm ERR! errno -2
npm ERR! syscall rename
npm ERR! enoent ENOENT: no such file or directory, rename '/usr/local/lib/node_modules/.staging/ansi-392b32ed' -> '/usr/local/lib/node_modules/ionic/node_modules/cordova-lib/node_modules/ansi'
npm ERR! enoent This is most likely not a problem with npm itself
npm ERR! enoent and is related to npm not being able to find a file.

but minimatch version is this one

$ npm view minimatch version
3.0.3

I've reinstalled npm and am trying to install ionic, but I can't

kul1010 commented 7 years ago

Again install as below:

$ sudo npm i -g minimatch@3.0.2 // where 3.0.2 is version // here i stands for install
$ sudo npm i -g ionic

LuisSanviti commented 7 years ago

Hi everybody, I'm desperate. Tried everything I've read here. I uninstalled everything and started all over again. Nothing. Always the same error. I desperately need help!

braianj commented 7 years ago

Hi @LuisSanviti do as @kul1010 said. It works a bit, but still will get the warning

LuisSanviti commented 7 years ago

Thank you braianj. I already tried it and it still doesn't work.

braianj commented 7 years ago

@LuisSanviti try this

$ rm -rf node_modules
$ sudo npm cache clean
$ npm i

legodude17 commented 7 years ago

@kul1010 That is not helpful.

@LuisSanviti If your problem is the same as the original ticket, then your install will still succeed; it is a warning, not an error.

r2c0der commented 7 years ago

Yep same problem and thank you all for your suggestions but it doesn't resolve the error.

legodude17 commented 7 years ago

@r2c0der the only good way to solve this is to bug the author of the package using an old version of minimatch. Find it with npm ls minimatch.
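
As an added example (not code from this thread or from npm): a Node.js script that walks the object printed by `npm ls --json` and lists every dependency chain ending in a minimatch older than 3.0.2, which identifies the package whose author needs to update. The sample tree is constructed from the `npm ls minimatch` output posted earlier in the thread; `findOutdated`, `isOlder`, `parseVersion` and `sampleTree` are hypothetical names.

```javascript
// Added example: report which dependency chains pull in minimatch < 3.0.2.
// Input has the shape of `npm ls --json` output; the sample is constructed.
const FIXED = [3, 0, 2]; // first version named in the deprecation warning

// Parse "major.minor.patch", ignoring any pre-release suffix.
function parseVersion(v) {
  return String(v).split('-')[0].split('.').map((n) => parseInt(n, 10) || 0);
}

// True when `version` sorts strictly below `floor`.
function isOlder(version, floor) {
  const a = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    const x = a[i] || 0;
    if (x !== floor[i]) return x < floor[i];
  }
  return false; // equal versions are not older
}

// Depth-first walk returning every chain that ends in an outdated `target`.
function findOutdated(node, target, floor, chain = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = chain.concat(`${name}@${dep.version}`);
    if (name === target && dep.version && isOlder(dep.version, floor)) {
      hits.push(here.join(' > '));
    }
    hits.push(...findOutdated(dep, target, floor, here));
  }
  return hits;
}

// Constructed sample in the shape of `npm ls --json` output.
const sampleTree = {
  name: 'yourApp',
  dependencies: {
    karma: { version: '0.13.22', dependencies: { minimatch: { version: '3.0.3' } } },
    protractor: {
      version: '3.3.0',
      dependencies: {
        glob: { version: '6.0.4', dependencies: { minimatch: { version: '3.0.3' } } },
        jasmine: {
          version: '2.4.1',
          dependencies: {
            glob: { version: '3.2.11', dependencies: { minimatch: { version: '0.3.0' } } },
          },
        },
      },
    },
  },
};

console.log(findOutdated(sampleTree, 'minimatch', FIXED).join('\n'));
```

Installing a newer minimatch at the top level does not change the copy nested under `glob@3.2.11`, which is why the warning persists until the parent package updates its own dependency.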

subodhbrahmi commented 7 years ago

Still running into issues:

$ npm ls minimatch
/Users/
└── (empty)

npm ERR! code 1

$ npm -v minimatch
3.10.10

$ npm view minimatch version
3.0.3

Still, when installing generator-express-sidecar, it throws

$ npm i -g generator-express-sidecar
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
/usr/local/lib
└── generator-express-sidecar@1.1.0

kul1010 commented 7 years ago

@subodhbrahmi use like below. And it's a warning only. Still you can do this.

$ sudo npm i -g minimatch@3.0.2

or $ npm i -g minimatch@3.0.2

or for command prompt

npm i -g minimatch@3.0.2

subodhbrahmi commented 7 years ago

@kul1010 Tried already, didn't work. Even though it is a warning, it still doesn't do it.

kul1010 commented 7 years ago

Tell me the OS name; also paste an error print screen here.

subodhbrahmi commented 7 years ago

OS - 10.12.4

image

kul1010 commented 7 years ago

I think you have installed minimatch version 3.0.2 successfully. It's a warning only, not an error, and you can work with your project. If you are not satisfied, then first uninstall minimatch and install it again:

$ sudo npm uninstall -g minimatch
$ sudo npm i -g minimatch@3.0.2

or upgrade your npm version to latest:

$ sudo npm install npm@latest -g