-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New Yarn version, package.json bin causes warning #64
Comments
I do not see warning... $ npm i sha.js
npm WARN saveError ENOENT: no such file or directory, open '/home/kirill/tmp/package.json'
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN enoent ENOENT: no such file or directory, open '/home/kirill/tmp/package.json'
npm WARN tmp No description
npm WARN tmp No repository field.
npm WARN tmp No README data
npm WARN tmp No license field.
+ sha.js@2.4.11
added 3 packages from 2 contributors and audited 3 packages in 1.295s
found 0 vulnerabilities
$ npm --version
6.13.4
$ node --version
v13.5.0 |
You're right I narrowed it down to just yarn v1.21.1. yarn cache clean
yarn add sha.js
# warning sha.js@2.4.11: Invalid bin entry for "sha.js" (in "sha.js"). When the cache isn't cleared, the warning doesn't show up next time. Even in a fresh directory. |
So the fix will be remove bin at all or change package.json to? "bin": {
"shajs":"./bin.js"
}, |
I'm not certain about the fix, just happened to encounter this in the wild. It shouldn't be required by the security patch to remove it entirely though. Especially locally like we're doing here a properly formatted bin is expected to work. |
With the recent security changes:
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
It causes a warning
The text was updated successfully, but these errors were encountered: