inspector icon indicating copy to clipboard operation
inspector copied to clipboard
verified publisher icon modelcontextprotocol

error code ECOMPROMISED - npm error Lock compromised

Open eliassal opened this issue 2 months ago • 4 comments

Inspector Version

Trying to install for 1st time

Image

Describe the bug Run npx @modelcontextprotocol/inspector To Reproduce Steps to reproduce the behavior:

Run npx @modelcontextprotocol/inspector Expected behavior Inspector should be launched

Screenshots

Image

Environment (please complete the following information):

  • OS: win 10 64bit
  • Browser Edge

Here is the log for npm-cache_logs\2025-10-29T11_18_21_143Z-debug-0.log

1386 verbose stack Error: Lock compromised 1386 verbose stack at AbortSignal. (.......AppData\Roaming\nvm\v25.0.0\node_modules\npm\node_modules\libnpmexec\lib\with-lock.js:52:30) 1386 verbose stack at [nodejs.internal.kHybridDispatch] (node:internal/event_target:845:20) 1386 verbose stack at AbortSignal.dispatchEvent (node:internal/event_target:778:26) 1386 verbose stack at runAbort (node:internal/abort_controller:488:10) 1386 verbose stack at abortSignal (node:internal/abort_controller:459:3) 1386 verbose stack at AbortController.abort (node:internal/abort_controller:507:5) 1386 verbose stack at Timeout.touchLock (........\AppData\Roaming\nvm\v25.0.0\node_modules\npm\node_modules\libnpmexec\lib\with-lock.js:161:18) 1387 error code ECOMPROMISED 1388 error Lock compromised 1389 silly unfinished npm timer reify 1761736705161 1390 silly unfinished npm timer reify:createSparse 1761736707714 1391 verbose cwd C:\Projects\WindowsScripts\PS\Scripts 1392 verbose os Windows_NT 10.0.19045 1393 verbose node v25.0.0 1394 verbose npm v11.6.2 1395 verbose exit 1 1396 verbose code 1 1397 error A complete log of this run can be found in: C:\Users\salam.SALAM\AppData\Local\npm-cache_logs\2025-10-29T11_18_21_143Z-debug-0.log

eliassal avatar Oct 29 '25 11:10 eliassal

Hi @eliassal! I think this ECOMPROMISED error could be a side effect from npm's enhanced security checks. The inspector package itself is not compromised.

Try these steps:

  1. Clear npm cache and locks:
   npm cache clean --force
  1. Remove stale npx cache (Windows):
   rmdir /s /q "%LOCALAPPDATA%\npm-cache\_npx"
  1. Try again:
   npx @modelcontextprotocol/inspector@latest

If that doesn't work, try forcing a fresh install:

npx --yes @modelcontextprotocol/inspector@latest

olaservo avatar Nov 03 '25 04:11 olaservo

Hi @olaservo , I ran the cache clean and rmdir then both commands in step 3 and 4, got the exact same error

Image

eliassal avatar Nov 04 '25 09:11 eliassal

I've also been noticing this quite frequently with the MCP Inspector package for aspire during out CI builds (eg: https://github.com/CommunityToolkit/Aspire/actions/runs/19124005873/job/54650441604?pr=914)

The CI job will dump the npm logs with max verbosity enabled:

2025-11-06T03_44_16_226Z-debug-0.log

aaronpowell avatar Nov 06 '25 04:11 aaronpowell

this is due to a regression in npm, and a fix will be out soon. in the meantime you could use [email protected]

jenseng avatar Nov 15 '25 00:11 jenseng