-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not found on NPM #4
Comments
Temporary solution: |
It's back online. |
Yarn install works again for me. |
And can't use your temporary solution as i don't even know which lib is actually using this lib |
This does not seem to appear on the Yarn registry as of now. @thangngoc89 you can install this through yarn? |
@gniquil I don't know about npm, but yarn will produce and log file and you can trace it in there webpack-dev-server -> yargs@6.0.6 -> find-up -> pkg-up -> pinkie-promise |
@gniquil You can look at the log file. Find out the invoked package. It seems that NPM is backing up? |
yarn is down again :( |
still not working on npm for me |
@thangngoc89 haha ok yeah, webpacker for rails for me. So does that mean all Rails with webpacker deployment is now broken? |
other package also have problems |
@gniquil pretty much everyone who's working on frontend projects these days will be affected |
@thangngoc89 What's the matter? |
@BlackHole1 it's a dependency of dependency of webpack-dev-server |
@floatdrop could you please republish the old versions? Here is the list: 1.0.0 |
For anyone who's reading this thread, @floatdrop has unpublished all of his packages (sounds like leftpad to me). Random people is taking the package so please do not install the code. !!! |
@squigg please don't ask people to claim this package until we hear from @floatdrop. |
@paulwib it have already been claimed |
@floatdrop's NPM account was deleted and all his packages. I have re-published a few but it's way too much. I can't republish older versions but I can probably publish a new 1.0.X Not really sure what to do from here because it's breaking a lot of stuff right now. |
@paulwib it was already re-claimed and re-published, and then went again, hence my comment. Considering npm itself pretty much asks you to claim it when you browse (that's a screenshot of the npm website btw!), I didn't think I was pointing out anything over and above the obvious. |
Leftpad 2.0. This package is now breaking all Ionic builds: What does it mean for someone to re-claim the package? Could they push malicious code to have everyone pull it in, or is that not a risk? |
Yes I think this is possible. See mbensch post above, as he already did this. |
@squigg fair enough, it's difficult to know what to do in these situations. People want to help by republishing packages, but of course someone malicious could republish a new patch version with malicious code and people without lock files could unintentionally pull it into their build. |
@mbensch They ask not to republish packages: |
@Amurmurmur they ask NOT to republish |
@kbrandwijk Mistypo :/ |
waiting for recovery |
I'm having flashbacks to leftpad... |
+1. The work has stopped for me ( . Meteor project. |
warning electron > electron-download > nugget > progress-stream > through2 > xtend > object-keys@0.4.0:
error Received malformed response from registry for "pinkie-promise". The registry may be down. :'( |
Still seeing 404 on npm |
So I just did a
and its not finding pinkie-promise and im assuming its because he pulled it?? What are the next steps? |
This is one of the biggest reason, I hate people to use packages "IsString" etc that do stupid one-liners and then are used everywhere. |
Guys for everyone who is waiting on pinkie-promise |
npm/registry/issues/255 |
This is being tracked here: https://github.com/npm/registry/issues/255 |
it looks like its restored again, it works for me |
Sysadmins replacing Intel machines with Raspberry PI's :D |
it's solved :D |
party's over, back to work |
Beware though, because |
You may track the |
Update: |
Rethink the usage of this package, and the necessity of an additional dependency. Imagine what happens if someone creates a module, waits until it is used quite often, and then deletes it because of bad intentions. Require modules which you can rely on, and which are maintained but not only one person. |
Missed whole party. Oh gosh. |
Seems to have gone 404, also see floatdrop/pinkie#16.
The text was updated successfully, but these errors were encountered: