Not found on NPM

[paulwib]

Seems to have gone 404, also see floatdrop/pinkie#16.

[BlackHole1]

Temporary solution:
npm install --save pinkie-promise@2.0.2

[thangngoc89]

It's back online.

[jmeridth]

Kind of but not really 😢

[thangngoc89]

Yarn install works again for me.

[gniquil]

And can't use your temporary solution as i don't even know which lib is actually using this lib

[jarretmoses]

This does not seem to appear on the Yarn registry as of now. @thangngoc89 you can install this through yarn?

[thangngoc89]

@gniquil I don't know about npm, but yarn will produce and log file and you can trace it in there

webpack-dev-server -> yargs@6.0.6 -> find-up -> pkg-up -> pinkie-promise

[BlackHole1]

@gniquil You can look at the log file. Find out the invoked package. It seems that NPM is backing up?

[thangngoc89]

yarn is down again :(

[chrisbutler]

still not working on npm for me

[gniquil]

@thangngoc89 haha ok yeah, webpacker for rails for me.

So does that mean all Rails with webpacker deployment is now broken?

[BlackHole1]

other package also have problems

[thangngoc89]

@gniquil pretty much everyone who's working on frontend projects these days will be affected

[BlackHole1]

@thangngoc89 What's the matter?

[thangngoc89]

@BlackHole1 it's a dependency of dependency of webpack-dev-server

[thangngoc89]

@floatdrop could you please republish the old versions?

Here is the list:

1.0.0
2.0.0
2.0.1
2.0.2

[thangngoc89]

For anyone who's reading this thread, @floatdrop has unpublished all of his packages (sounds like leftpad to me). Random people is taking the package so please do not install the code. !!!

[squigg]

It's gone again:

[paulwib]

@squigg please don't ask people to claim this package until we hear from @floatdrop.

[thangngoc89]

@paulwib it have already been claimed

[mbensch]

@floatdrop's NPM account was deleted and all his packages. I have re-published a few but it's way too much. I can't republish older versions but I can probably publish a new 1.0.X Not really sure what to do from here because it's breaking a lot of stuff right now.

[squigg]

@paulwib it was already re-claimed and re-published, and then went again, hence my comment. Considering npm itself pretty much asks you to claim it when you browse (that's a screenshot of the npm website btw!), I didn't think I was pointing out anything over and above the obvious.

[Oduig]

Leftpad 2.0. This package is now breaking all Ionic builds:

https://stackoverflow.com/questions/48131111/ionic-pro-build-failed-npm-err-404-not-found-pinkie-promise/48131180#48131180

What does it mean for someone to re-claim the package? Could they push malicious code to have everyone pull it in, or is that not a risk?

[squigg]

Yes I think this is possible. See mbensch post above, as he already did this.

[paulwib]

@squigg fair enough, it's difficult to know what to do in these situations. People want to help by republishing packages, but of course someone malicious could republish a new patch version with malicious code and people without lock files could unintentionally pull it into their build.

[Amurmurmur]

@mbensch They ask not to republish packages:
https://status.npmjs.org/incidents/41zfb8qpvrdj

[kbrandwijk]

@Amurmurmur they ask NOT to republish

[Amurmurmur]

@kbrandwijk Mistypo :/

[quentinyang]

waiting for recovery

[jcreamer898]

I'm having flashbacks to leftpad...

[sualex]

+1. The work has stopped for me ( . Meteor project.

[sixertoy]

warning electron > electron-download > nugget > progress-stream > through2 > xtend > object-keys@0.4.0:
error Received malformed response from registry for "pinkie-promise". The registry may be down.

:'(

[Taylor123]

Still seeing 404 on npm

[staycreativedesign]

So I just did a

npm install ionic cordova -g

and its not finding pinkie-promise and im assuming its because he pulled it?? What are the next steps?

[shacal]

This is one of the biggest reason, I hate people to use packages "IsString" etc that do stupid one-liners and then are used everywhere.
Code more, less packet whoring...

[Amurmurmur]

Guys for everyone who is waiting on pinkie-promise
https://gist.github.com/Amurmurmur/860691b93e391a86facede780656f8ab

[sgnl]

npm/registry/issues/255

[brunocroh]

Npm's answer
https://twitter.com/npmstatus/status/949735322522345472

[liquidmetal]

This is being tracked here: https://github.com/npm/registry/issues/255

[anedisi]

it looks like its restored again, it works for me

[shacal]

Sysadmins replacing Intel machines with Raspberry PI's :D

[krupper]

it's solved :D

[risinek]

party's over, back to work

[danielweck]

Beware though, because pinkie was re-published by another dev!
floatdrop/pinkie#18 (comment)

[danielweck]

You may track the pinkie issue at NPM's "registry" repository: https://github.com/npm/registry/issues/256

[danielweck]

Update:
https://github.com/npm/registry/issues/256#issuecomment-355785321
Probably a good idea to clear npm / yarn cache, node_modules, and lock files...

[czuendorf]

Rethink the usage of this package, and the necessity of an additional dependency.
I know it may be easier to type "npm install" than to think about a solution. But today you all discovered the disadvantages. Only create dependencies when they are needed (and for good reasons) and not because ONE line of code. Even copy-paste would be faster than 'npm install' and 'require("pinkie-promise")':
https://github.com/floatdrop/pinkie-promise/blob/master/index.js#L3

Imagine what happens if someone creates a module, waits until it is used quite often, and then deletes it because of bad intentions.

Require modules which you can rely on, and which are maintained but not only one person.

[floatdrop]

party's over, back to work

Missed whole party. Oh gosh.