firebase-tools
firebase-tools copied to clipboard
firebase
npm WARN deprecated [email protected]: request has been deprecated
I am trying to run "npm install -g firebase-tools" command on linux OS but it gives me the above error every time.On the other hand when I try to run "npx create-react-app app-name" command, it works fine. I searched the solution on the internet but did not find any acceptable solution. Is there any way to fix this problem.
@sadhon thanks for reporting this! The request module is one of the most popular libraries in the whole ecosystem so the deprecation has hit almost everyone, including us.
@bkendall is already working on removing request from firebase-tools.
Right now you do not need to worry about this, it's not a security vulnerability and we expect it to be fixed in a future version.
@samtstern I re-executed global install command and sorry, that one is a WARN, problem is @sindresorhus%2fis
npm -g install [email protected]
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@~2.1.2 (node_modules\firebase-tools\node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/@sindresorhus%2fis - Not found
npm ERR! 404
npm ERR! 404 '@sindresorhus/is@^0.14.0' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 It was specified as a dependency of 'got'
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
You need full log?
That's a global ongoing npm issue today, please see:
https://status.npmjs.org/incidents/cksjqc1w11v5
The issue is still not resolved I'm tried almost 100 times still same error unable to install firebase-tools
You may need to run npm cache clean to clear out any bad URLs you an into during the outage (untested, but that would be what I would do)
As of npm@5,
the npm cache self-heals from corruption issues and data extracted from the cache is guaranteed to be valid.
If you want to make sure everything is consistent, use 'npm cache verify' instead.
...after npm cache verify I was able to install ๐
npm WARN deprecated [email protected]: this library is no longer supported npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142 I got this output after typing the command "npm install --global surge". I tried "npm cache verify" like some of you did, but for me it doesn't solve the problem I again get these outputs. Can someone help me?
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated [email protected]: this library is no longer supported npm WARN deprecated [email protected]: cross-spawn no longer requires a build toolchain, use it instead npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated /home/ubuntu/npm/bin/yo -> /home/ubuntu/npm/lib/node_modules/yo/lib/cli.js /home/ubuntu/npm/bin/yo-complete -> /home/ubuntu/npm/lib/node_modules/yo/lib/completion/index.js
[email protected] postinstall /home/ubuntu/npm/lib/node_modules/yo yodoctor
Yeoman Doctor Running sanity checks on your system
โ No .bowerrc file in home directory โ Global configuration file is valid โ NODE_PATH matches the npm root
Unable to find the npm root, something went wrong. Try to execute npm -g root --silent on your command-line
โ No .yo-rc.json file in home directory โ Node.js version { Error: Couldn't find the 'yo' binary. Make sure it's installed and in your $PATH at Process.ChildProcess._handle.onexit (internal/child_process.js:240:19) at onErrorNT (internal/child_process.js:415:16) at process._tickCallback (internal/process/next_tick.js:63:19) errno: 'ENOENT', code: 'ENOENT', syscall: 'spawn yo', path: 'yo', spawnargs: [ '--version' ], cmd: 'yo --version' } โ yo version { Error: Couldn't find the 'yo' binary. Make sure it's installed and in your $PATH at Process.ChildProcess._handle.onexit (internal/child_process.js:240:19) at onErrorNT (internal/child_process.js:415:16) at process._tickCallback (internal/process/next_tick.js:63:19) errno: 'ENOENT', code: 'ENOENT', syscall: 'spawn yo', path: 'yo', spawnargs: [ '--version' ], cmd: 'yo --version' } โ npm version
Found potential issues on your machine :(
- [email protected] updated 1 package in 18.362s
### please help me with this error
try to install npm new version i try with that and work!! command: npm install -g npm
@samtstern Any news about this?
To help you, jsdom (used in JEST) has gone through a similar re-engineering, and landed on node-fetch. Their solution is coming up soon, leaving firebase-tools the only tool I use that still brings up this warning.
From a developer point of view, it's annoying that there will likely be great announcements on Google IO while an issue like this is still open. Also maintenance is important. ๐งน
Current situation:
$ npm init
...
$ npm install -D firebase-tools
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
added 710 packages, and audited 711 packages in 19s
28 packages are looking for funding
run `npm fund` for details
4 high severity vulnerabilities
To address all issues, run:
npm audit fix
Run `npm audit` for details.
Related: @firebase/rules-unit-testing has the same issue: https://github.com/firebase/firebase-js-sdk/issues/3009
It's true that request is deprecated but that doesn't mean it's in any way dangerous! There is nothing related to request or its dependencies in our npm audit report. I have just sent out a PR to significantly clear up our npm audit report:
https://github.com/firebase/firebase-tools/pull/3368
We have made a decision not to rush and try to remove request from the codebase all at once as that will almost certainly introduce bugs. Instead we are moving away piece-by-piece as we fix other things.
If anyone wants to pick a part of this codebase and remove request, PRs are welcome!
I'm not very worried about it either - and it's reassuring just to know you're taking it away, alongside other work.
The audits are a bigger concern, and I'm glad to see the PR you mention.
given that fetch is now built right in to nodejs deno and workers i think that you should aim at using fetch instead, wether it comes from node-fetch undici or node itself... using something like axios isn't good as it dose not work in workers and dose not support streaming.
It seems, while removing deprecated packages, uuid is an easy update as well as debug. These warnings have been hanging around too long. They give SecOps teams heartburn.
โฏ npm -g install [email protected]
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
Update on this:
This is on our radar, and we've stopped using this dependency almost everywhere in the codebase. However, the functions:shell command, which provides a REPL for testing out your functions, exposes request as part of its public API, so we cannot easily remove request without making a breaking change. Next time we release a major version, we plan to make this change & remove request - however, for now, hold tight and rest assured that this package is minimally used in firebase-tools
It's been nearly 3 years since this issue was posted, when will the dependencies be removed...?
There's now a moderate security issue on the deprecated request package, which I assume will never be fixed. Is there a timeline for removing the last remaining request package usage?
request is only used in functions:shell any more. Changing the interface there is non-trivial, since it exposed request's interface. But, nowhere else in the code do we use request. We're aware of the warning and are trying to prioritize fixing functions:shell, but don't have an ETA to share yet.
request is affected by 2 vulnerabilities :
- moderate Server-Side Request Forgery, more info: https://www.npmjs.com/advisories/1091725
- moderate tough-cookie Prototype Pollution vulnerability, more info: https://www.npmjs.com/advisories/1092448
