NPM Install Issues - Githubissues

Hello, I have a big issue when trying to install and run your application. I looked up on the web and did some research and it looks like there are some problems with the new npm (dependeny) versions!? I tried quite a few things, with npm audit fix and also with 3rd party updating-apps, but it will simply not work. NPM init actually creating more problems than fixing them...

Instead of more talking, I will maybe paste here the CMD Output and the log that was generetaded by npm.

Thanks in advance:

Microsoft Windows [Version 10.0.19043.1415]

C:\WINDOWS\system32>cd C:\Users\Pawel\Desktop\Ultimate-Comparision

C:\Users\Pawel\Desktop\Ultimate-Comparision>npm install --global ultimate-comparison npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies. npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated npm WARN deprecated core-js@2.6.12: core-js@<3.4 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.

changed 590 packages, and audited 591 packages in 21s

16 packages are looking for funding run npm fund for details

16 vulnerabilities (3 low, 7 moderate, 6 high)

To address issues that do not require attention, run: npm audit fix

To address all issues (including breaking changes), run: npm audit fix --force

Run npm audit for details.

C:\Users\Pawel\Desktop\Ultimate-Comparision>npm audit fix npm ERR! code ERESOLVE npm ERR! ERESOLVE unable to resolve dependency tree npm ERR! npm ERR! While resolving: ultimate-comparison@2.0.0-alpha.32 npm ERR! Found: webpack@5.66.0 npm ERR! node_modules/webpack npm ERR! dev webpack@"^5.66.0" from the root project npm ERR! npm ERR! Could not resolve dependency: npm ERR! peer webpack@"^4.0.0" from uglifyjs-webpack-plugin@2.2.0 npm ERR! node_modules/uglifyjs-webpack-plugin npm ERR! dev uglifyjs-webpack-plugin@"^2.2.0" from the root project np 2022-01-13T15_23_45_243Z-debug.log m ERR! npm ERR! Fix the upstream dependency conflict, or retry npm ERR! this command with --force, or --legacy-peer-deps npm ERR! to accept an incorrect (and potentially broken) dependency resolution. npm ERR! npm ERR! See C:\Users\Pawel\AppData\Local\npm-cache\eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in: npm ERR! C:\Users\Pawel\AppData\Local\npm-cache_logs\2022-01-13T15_23_45_243Z-debug.log

C:\Users\Pawel\Desktop\Ultimate-Comparision>npm audit fix --force npm WARN using --force Recommended protections disabled. npm WARN audit Updating gulp to 3.9.1,which is a SemVer major change. npm WARN audit Updating showdown to 1.9.0,which is a SemVer major change. npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: uglifyjs-webpack-plugin@2.2.0 npm WARN Found: webpack@5.66.0 npm WARN node_modules/webpack npm WARN peer webpack@"^5.30.0" from @ngtools/webpack@13.1.2 npm WARN node_modules/@ngtools/webpack npm WARN dev @ngtools/webpack@"^13.1.2" from the root project npm WARN 11 more (clean-webpack-plugin, copy-webpack-plugin, css-loader, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer webpack@"^4.0.0" from uglifyjs-webpack-plugin@2.2.0 npm WARN node_modules/uglifyjs-webpack-plugin npm WARN dev uglifyjs-webpack-plugin@"^2.2.0" from the root project npm WARN npm WARN Conflicting peer dependency: webpack@4.46.0 npm WARN node_modules/webpack npm WARN peer webpack@"^4.0.0" from uglifyjs-webpack-plugin@2.2.0 npm WARN node_modules/uglifyjs-webpack-plugin npm WARN dev uglifyjs-webpack-plugin@"^2.2.0" from the root project npm WARN deprecated natives@1.1.6: This module relies on Node.js's internals and will break at some point. Do not use it, and update to graceful-fs@4.x. npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5

added 113 packages, removed 134 packages, changed 36 packages, and audited 1328 packages in 7s

85 packages are looking for funding run npm fund for details

npm audit report

lodash <=4.17.20 Severity: critical Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695 Prototype pollution in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm fix available via npm audit fix node_modules/globule/node_modules/lodash globule <=1.1.0 Depends on vulnerable versions of lodash Depends on vulnerable versions of minimatch node_modules/globule gaze 0.4.0 - 1.0.0 Depends on vulnerable versions of globule node_modules/gaze glob-watcher <=2.0.0 Depends on vulnerable versions of gaze node_modules/glob-watcher

lodash.template <4.5.0 Severity: critical Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695 fix available via npm audit fix --force Will install gulp@4.0.2, which is a breaking change node_modules/lodash.template gulp-util >=1.1.0 Depends on vulnerable versions of lodash.template node_modules/gulp-util gulp 2.6.1 - 3.9.1 Depends on vulnerable versions of gulp-util Depends on vulnerable versions of vinyl-fs node_modules/gulp

mem <4.0.0 Severity: moderate Denial of Service in mem - https://github.com/advisories/GHSA-4xcv-9jjx-gfj3 fix available via npm audit fix --force Will install showdown@1.9.1, which is outside the stated dependency range node_modules/mem os-locale 2.0.0 - 3.0.0 Depends on vulnerable versions of mem node_modules/os-locale yargs 8.0.0-candidate.0 - 12.0.5 Depends on vulnerable versions of os-locale Depends on vulnerable versions of yargs-parser node_modules/showdown/node_modules/yargs showdown <=1.9.0 Depends on vulnerable versions of yargs node_modules/showdown

minimatch <3.0.2 Severity: high Regular Expression Denial of Service in minimatch - https://github.com/advisories/GHSA-hxm2-r34f-qmc5 fix available via npm audit fix --force Will install gulp@4.0.2, which is a breaking change node_modules/glob-stream/node_modules/minimatch node_modules/globule/node_modules/minimatch glob 3.0.0 - 5.0.14 Depends on vulnerable versions of minimatch node_modules/glob-stream/node_modules/glob node_modules/globule/node_modules/glob glob-stream 0.2.0 - 5.2.0 Depends on vulnerable versions of glob Depends on vulnerable versions of minimatch node_modules/glob-stream vinyl-fs <=1.0.0 Depends on vulnerable versions of glob-stream node_modules/vinyl-fs gulp 2.6.1 - 3.9.1 Depends on vulnerable versions of gulp-util Depends on vulnerable versions of vinyl-fs node_modules/gulp globule <=1.1.0 Depends on vulnerable versions of lodash Depends on vulnerable versions of minimatch node_modules/globule gaze 0.4.0 - 1.0.0 Depends on vulnerable versions of globule node_modules/gaze glob-watcher <=2.0.0 Depends on vulnerable versions of gaze node_modules/glob-watcher

serialize-javascript <=3.0.0 Severity: high Insecure serialization leading to RCE in serialize-javascript - https://github.com/advisories/GHSA-hxcc-f52p-wc94 Cross-Site Scripting in serialize-javascript - https://github.com/advisories/GHSA-h9rv-jmmf-4pgx fix available via npm audit fix --force Will install uglifyjs-webpack-plugin@1.1.2, which is a breaking change node_modules/uglifyjs-webpack-plugin/node_modules/serialize-javascript uglifyjs-webpack-plugin >=1.1.3 Depends on vulnerable versions of serialize-javascript node_modules/uglifyjs-webpack-plugin

showdown <=1.9.0 Severity: moderate Reverse Tabnabbing in showdown - https://github.com/advisories/GHSA-h6mq-3cj6-h738 Depends on vulnerable versions of yargs fix available via npm audit fix --force Will install showdown@1.9.1, which is outside the stated dependency range node_modules/showdown

yargs-parser 6.0.0 - 13.1.1 Severity: moderate Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp fix available via npm audit fix --force Will install showdown@1.9.1, which is outside the stated dependency range node_modules/showdown/node_modules/yargs-parser yargs 8.0.0-candidate.0 - 12.0.5 Depends on vulnerable versions of os-locale Depends on vulnerable versions of yargs-parser node_modules/showdown/node_modules/yargs showdown <=1.9.0 Depends on vulnerable versions of yargs node_modules/showdown

18 vulnerabilities (6 moderate, 5 high, 7 critical)

To address issues that do not require attention, run: npm audit fix

To address all issues (including breaking changes), run: npm audit fix --force

C:\Users\Pawel\Desktop\Ultimate-Comparision>npm audit fix --force npm WARN using --force Recommended protections disabled. npm WARN audit Updating uglifyjs-webpack-plugin to 1.1.2,which is a SemVer major change. npm WARN audit Updating gulp to 4.0.2,which is a SemVer major change. npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: uglifyjs-webpack-plugin@1.1.2 npm WARN Found: webpack@5.66.0 npm WARN node_modules/webpack npm WARN peer webpack@"^5.30.0" from @ngtools/webpack@13.1.2 npm WARN node_modules/@ngtools/webpack npm WARN dev @ngtools/webpack@"^13.1.2" from the root project npm WARN 11 more (clean-webpack-plugin, copy-webpack-plugin, css-loader, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer webpack@"^2.0.0 || ^3.0.0" from uglifyjs-webpack-plugin@1.1.2 npm WARN node_modules/uglifyjs-webpack-plugin npm WARN dev uglifyjs-webpack-plugin@"1.1.2" from the root project npm WARN npm WARN Conflicting peer dependency: webpack@3.12.0 npm WARN node_modules/webpack npm WARN peer webpack@"^2.0.0 || ^3.0.0" from uglifyjs-webpack-plugin@1.1.2 npm WARN node_modules/uglifyjs-webpack-plugin npm WARN dev uglifyjs-webpack-plugin@"1.1.2" from the root project npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies. npm WARN deprecated uglify-es@3.3.9: support for ECMAScript is superseded by uglify-js as of v3.13.0

added 134 packages, removed 113 packages, changed 36 packages, and audited 1349 packages in 5s

85 packages are looking for funding run npm fund for details

npm audit report

ansi-regex >2.1.1 <5.0.1 Severity: moderate Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw fix available via npm audit fix node_modules/showdown/node_modules/ansi-regex strip-ansi 4.0.0 - 5.2.0 Depends on vulnerable versions of ansi-regex node_modules/showdown/node_modules/strip-ansi cliui 4.0.0 - 5.0.0 Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of wrap-ansi node_modules/showdown/node_modules/cliui yargs 10.1.0 - 15.0.0 Depends on vulnerable versions of cliui Depends on vulnerable versions of string-width node_modules/showdown/node_modules/yargs showdown >=1.9.1 Depends on vulnerable versions of yargs node_modules/showdown string-width 2.1.0 - 4.1.0 Depends on vulnerable versions of strip-ansi node_modules/showdown/node_modules/string-width wrap-ansi 3.0.0 - 6.1.0 Depends on vulnerable versions of string-width Depends on vulnerable versions of strip-ansi node_modules/showdown/node_modules/wrap-ansi

glob-parent <5.1.2 Severity: high Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6 fix available via npm audit fix --force Will install gulp@3.9.1, which is a breaking change node_modules/glob-stream/node_modules/glob-parent node_modules/glob-watcher/node_modules/glob-parent chokidar 1.0.0-rc1 - 2.1.8 Depends on vulnerable versions of glob-parent node_modules/glob-watcher/node_modules/chokidar glob-watcher >=3.0.0 Depends on vulnerable versions of chokidar node_modules/glob-watcher glob-stream 5.3.0 - 6.1.0 Depends on vulnerable versions of glob-parent node_modules/glob-stream vinyl-fs >=2.4.2 Depends on vulnerable versions of glob-stream node_modules/vinyl-fs gulp >=4.0.0 Depends on vulnerable versions of vinyl-fs node_modules/gulp

ssri 5.2.2 - 6.0.1 Severity: high Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-vx3p-948g-6vhq fix available via npm audit fix node_modules/uglifyjs-webpack-plugin/node_modules/ssri cacache 10.0.4 - 11.0.0 Depends on vulnerable versions of ssri node_modules/uglifyjs-webpack-plugin/node_modules/cacache

15 vulnerabilities (7 moderate, 8 high)

To address issues that do not require attention, run: npm audit fix

To address all issues (including breaking changes), run: npm audit fix --force

C:\Users\Pawel\Desktop\Ultimate-Comparision>npm audit fix --force npm WARN using --force Recommended protections disabled. npm WARN audit Updating gulp to 3.9.1,which is a SemVer major change. npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: uglifyjs-webpack-plugin@1.1.2 npm WARN Found: webpack@5.66.0 npm WARN node_modules/webpack npm WARN peer webpack@"^5.30.0" from @ngtools/webpack@13.1.2 npm WARN node_modules/@ngtools/webpack npm WARN dev @ngtools/webpack@"^13.1.2" from the root project npm WARN 11 more (clean-webpack-plugin, copy-webpack-plugin, css-loader, ...) npm WARN npm WARN Could not resolve dependency: npm WARN peer webpack@"^2.0.0 || ^3.0.0" from uglifyjs-webpack-plugin@1.1.2 npm WARN node_modules/uglifyjs-webpack-plugin npm WARN dev uglifyjs-webpack-plugin@"^1.1.2" from the root project npm WARN npm WARN Conflicting peer dependency: webpack@3.12.0 npm WARN node_modules/webpack npm WARN peer webpack@"^2.0.0 || ^3.0.0" from uglifyjs-webpack-plugin@1.1.2 npm WARN node_modules/uglifyjs-webpack-plugin npm WARN dev uglifyjs-webpack-plugin@"^1.1.2" from the root project npm WARN deprecated natives@1.1.6: This module relies on Node.js's internals and will break at some point. Do not use it, and update to graceful-fs@4.x. npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5

added 76 packages, removed 126 packages, changed 14 packages, and audited 1299 packages in 7s

85 packages are looking for funding run npm fund for details

npm audit report

ansi-regex >2.1.1 <5.0.1 Severity: moderate Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw fix available via npm audit fix node_modules/showdown/node_modules/ansi-regex strip-ansi 4.0.0 - 5.2.0 Depends on vulnerable versions of ansi-regex node_modules/showdown/node_modules/strip-ansi cliui 4.0.0 - 5.0.0 Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of wrap-ansi node_modules/showdown/node_modules/cliui yargs 10.1.0 - 15.0.0 Depends on vulnerable versions of cliui Depends on vulnerable versions of string-width node_modules/showdown/node_modules/yargs showdown >=1.9.1 Depends on vulnerable versions of yargs node_modules/showdown string-width 2.1.0 - 4.1.0 Depends on vulnerable versions of strip-ansi node_modules/showdown/node_modules/string-width wrap-ansi 3.0.0 - 6.1.0 Depends on vulnerable versions of string-width Depends on vulnerable versions of strip-ansi node_modules/showdown/node_modules/wrap-ansi

lodash <=4.17.20 Severity: critical Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695 Prototype pollution in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm fix available via npm audit fix node_modules/globule/node_modules/lodash globule <=1.1.0 Depends on vulnerable versions of lodash Depends on vulnerable versions of minimatch node_modules/globule gaze 0.4.0 - 1.0.0 Depends on vulnerable versions of globule node_modules/gaze glob-watcher <=2.0.0 Depends on vulnerable versions of gaze node_modules/glob-watcher

lodash.template <4.5.0 Severity: critical Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695 fix available via npm audit fix --force Will install gulp@4.0.2, which is a breaking change node_modules/lodash.template gulp-util >=1.1.0 Depends on vulnerable versions of lodash.template node_modules/gulp-util gulp 2.6.1 - 3.9.1 Depends on vulnerable versions of gulp-util Depends on vulnerable versions of vinyl-fs node_modules/gulp

minimatch <3.0.2 Severity: high Regular Expression Denial of Service in minimatch - https://github.com/advisories/GHSA-hxm2-r34f-qmc5 fix available via npm audit fix --force Will install gulp@4.0.2, which is a breaking change node_modules/glob-stream/node_modules/minimatch node_modules/globule/node_modules/minimatch glob 3.0.0 - 5.0.14 Depends on vulnerable versions of minimatch node_modules/glob-stream/node_modules/glob node_modules/globule/node_modules/glob glob-stream 0.2.0 - 5.2.0 Depends on vulnerable versions of glob Depends on vulnerable versions of minimatch node_modules/glob-stream vinyl-fs <=1.0.0 Depends on vulnerable versions of glob-stream node_modules/vinyl-fs gulp 2.6.1 - 3.9.1 Depends on vulnerable versions of gulp-util Depends on vulnerable versions of vinyl-fs node_modules/gulp globule <=1.1.0 Depends on vulnerable versions of lodash Depends on vulnerable versions of minimatch node_modules/globule gaze 0.4.0 - 1.0.0 Depends on vulnerable versions of globule node_modules/gaze glob-watcher <=2.0.0 Depends on vulnerable versions of gaze node_modules/glob-watcher

ssri 5.2.2 - 6.0.1 Severity: high Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-vx3p-948g-6vhq fix available via npm audit fix node_modules/uglifyjs-webpack-plugin/node_modules/ssri cacache 10.0.4 - 11.0.0 Depends on vulnerable versions of ssri node_modules/uglifyjs-webpack-plugin/node_modules/cacache

20 vulnerabilities (7 moderate, 6 high, 7 critical)

To address issues that do not require attention, run: npm audit fix

To address all issues (including breaking changes), run: npm audit fix --force

ultimate-comparisons / ultimate-comparison-framework

NPM Install Issues #161

npm audit report

npm audit report

npm audit report