Facing error when 'npm install'

[SSk123]

I did rm-rf node_nodules and npm install in my root directory, I am facing this issue in colorthief package.

Within node_modules/colorthief/package.json there is a dependency getting loaded "quantize": "github:lokesh/quantize" which seems to be causing this error.

I am using node -v v12.16.1 and "colorthief": "^2.3.2" Any help in resolution is highly appreciated.

[Britt00]

I had the same issue. Currently using node v12.18.3. By downgrading to "colorthief": "^2.2.0" everything worked again. I did not try any other versions.

[RoyalIcing]

This also caused a problem for me. I believe publishing the fork lokesh/quantize as its own npm package would solve the problem, instead of referencing from github. I also had to downgrade to 2.2.0

[brightsider]

@lokesh can you fix it?

[dreamerblue]

Please publish a npm package instead of using github:lokesh/quantize. It will cause issues.

[taejs]

That needs fixing. @lokesh

[aChudinov]

@lokesh Now it's a critical issue https://github.blog/2021-09-01-improving-git-protocol-security-github/

[erisontavares]

we are also facing the same issue when deploying, npm install fails on the server because of this dependency

[coldrainc]

Need to publish quantize @lokesh

[forgowhisky]

still having this issue @lokesh

[pioug]

I created a monorepo with colorthief including some (abandoned) dependencies that needed an update too. It's not super classy to share it here but we are losing so much time collectively trying to fix this. Please head over to https://github.com/pioug/colorsuite. If anyone is interested in keeping the project/repository alive, ping me there, I'll add you as a maintainer.

npm install colorthief@npm:@pioug/colorthief