Dependabot failing to map npm package.json dependency tree after upgrading to lockfile version 3 #48687
Replies: 2 comments
-
I'm having the same issue after upgrading my node version along with React native 72.3. Did you manage to find a solution?
-
Hi @Senderek and @dsipahioglu

Verify npm registry configuration: Double-check your npm registry configuration to ensure it is correctly set up to use the MyGet registry and token for the npm ecosystem. Make sure the registry URL and authentication token are accurate and properly configured in your project.

Check for compatibility issues: While upgrading Node.js and npm to the latest LTS versions is generally a good practice, it's possible that there may be compatibility issues with certain packages or dependencies in your project. Review the release notes and documentation for the packages you are using to see if there are any known compatibility issues with the latest Node.js or npm versions. If so, consider downgrading Node.js and/or npm to a version that is known to work well with your project dependencies.

Verify access to the MyGet registry: Ensure that you have the necessary access and permissions to the MyGet registry to fetch the required packages. Check if the registry URL and token are correct and grant the appropriate permissions if needed. Verify that you can access the registry and retrieve packages manually using the npm CLI with the configured registry.

Resolve the 404 errors: The 404 errors you are encountering indicate that npm is unable to find packages in the MyGet registry. Verify that the package names mentioned in the errors (axios, sass, etc.) exist in the registry and are accessible to your project. If the packages are not available or have different names, you may need to update your project's dependencies accordingly.

Review and update your dependency configuration: Check your project's package.json file and ensure that all dependencies and their versions are correctly specified. Make sure that the package names, versions, and sources (including the MyGet registry) are accurate. Update any incorrect or outdated dependency entries.

Clear npm cache: Sometimes, issues with fetching packages can be due to a corrupted npm cache. Try clearing the npm cache by running the command npm cache clean --force and then retrying the update and dependency checks.

Temporarily disable legacy-peer-deps: While you mentioned that you have legacy-peer-deps=true set in your .npmrc, it's worth temporarily disabling this setting to see if it resolves the issues. This flag is used to enable compatibility with older versions of npm that don't support strict peer dependency rules. However, it's possible that this setting could interfere with the resolution and update processes. Remove or comment out the legacy-peer-deps=true line in your .npmrc and check if the updates and dependency checks work without it.

Consult project-specific documentation or support: If you are using a specific framework or project template that includes its own configuration for npm updates or dependency management, refer to the project's documentation or support channels for guidance. They may have specific instructions or best practices for upgrading Node.js, npm, and managing dependencies within their ecosystem.

By following these steps, you should be able to diagnose and resolve the issues you are facing with npm updates, vulnerability alerts, and Dependabot in your project.
-
Hello,
After upgrading the node version (from 14.17 to 18.14) and npm in my project to the latest LTS version and rebuilding package-lock (lockfileVersion 1->3) I lost access to:
Vulnerability alerts -> Dependabot -> Dependabot alerts
Also, periodic update checks stopped working as well.
When checking Insights -> Dependency graph -> Dependencies
package-lock.json has no dependencies or is too large to display
(before upgrade it showed dependency tree just fine)
When checking out the error in the Insights -> Dependency graph -> Dependabot -> package-lock.json
it shows errors:
where the name of the package is not always the same. Examples:
axios, sass
Notes:
I am using myget registry via token for both npm ecosystem and nuget ecosystem and it only fails for npm.
I have legacy-peer-deps=true set in the .npmrc because of legacy dependency.
Is there anything I need to configure for npm updates to start working?
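Added example (not part of the thread, and not Dependabot's own code): a lockfileVersion 3 package-lock.json keeps its entries in a flat `packages` map rather than the nested `dependencies` tree of version 1, and each entry records the tarball URL it was resolved from. The helper below groups entries by that registry host, so the package names from the 404 errors can be checked against the feed they are pinned to. The sample lockfile, its versions and the `myget.example` feed URL are constructed.

```javascript
// Added example: audit which registry host each lockfile entry is pinned to.
// For a real project, pass JSON.parse(fs.readFileSync('package-lock.json', 'utf8')).
const NM = 'node_modules/';

function auditLockfile(lock) {
  if (!lock.packages) {
    // lockfileVersion 1 only carries the nested "dependencies" tree.
    throw new Error(`lockfileVersion ${lock.lockfileVersion}: no "packages" map`);
  }
  const byHost = {};     // registry host -> ["name@version", ...]
  const unresolved = []; // entries with no "resolved" URL (bundled, local, ...)
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === '' || entry.link) continue; // root project, workspace symlinks
    // "node_modules/a/node_modules/@scope/b" -> "@scope/b"
    const i = path.lastIndexOf(NM);
    const name = entry.name || (i < 0 ? path : path.slice(i + NM.length));
    if (!entry.resolved) { unresolved.push(name); continue; }
    let host;
    try { host = new URL(entry.resolved).host; } catch { host = '(not a URL)'; }
    (byHost[host] = byHost[host] || []).push(`${name}@${entry.version}`);
  }
  return { byHost, unresolved };
}

// Constructed sample: one entry pinned to a private feed, one to the public
// registry, one nested scoped entry without a "resolved" field.
const sampleLock = JSON.parse(`{
  "name": "demo-app", "lockfileVersion": 3,
  "packages": {
    "": { "name": "demo-app", "dependencies": { "axios": "^1.4.0" } },
    "node_modules/axios": { "version": "1.4.0",
      "resolved": "https://myget.example/F/demo-feed/npm/axios/-/axios-1.4.0.tgz" },
    "node_modules/sass": { "version": "1.63.6",
      "resolved": "https://registry.npmjs.org/sass/-/sass-1.63.6.tgz" },
    "node_modules/sass/node_modules/@scope/helper": { "version": "2.0.0" }
  }
}`);

console.log(auditLockfile(sampleLock));
```

An entry pinned to a host other than the one configured in .npmrc, or a public package pinned to a private feed that does not serve it, is the first thing to compare against the names in the 404 errors.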