Gulp安装警告:“请更新至minimatch 3.0.2”
[英]Gulp installation warning: “Please update to minimatch 3.0.2”
问题描述
I am new to npm and node.js, and I am trying to set up my working environment, after installing node.js, npm, and git for windows. 
我是npm和node.js的新手,在为Windows安装node.js,npm和git后,我试图设置我的工作环境。 I am trying to install gulp globally and as a dev dependency. 我正在尝试全局安装gulp并作为dev依赖项。 both times im getting these warnings: 两次我都收到这些警告:
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
which causing npm to cancel the installation. 这导致npm取消安装。 I am running minimatch 3.0.2 我正在运行minimatch 3.0.2
C:\WINDOWS\system32>npm -v minimatch
3.10.10
but the npm still does not recognize it as the installed version as it keeps pushing the warnings. 但是npm仍会继续推送警告,因此仍不能将其识别为已安装版本。 any idea on how to solve it? 关于如何解决的任何想法?
any help is appreciated. 任何帮助表示赞赏。
2 个解决方案
解决方案1
1 2017-04-20 09:16:37
This gives the npm verion not minmatch verion, 这使npm版本不是minmatch版本,
npm -v minimatch
Go to node_modules and delete minimatch and in the packge.json make sure minmatch version is ">=3.0.2" , then try again 转到node_modules并删除minimatch,然后在packge.json中确保minmatch版本为“> = 3.0.2”,然后重试
Or, you can just install the latest globally using 或者,您可以使用
npm install -g minimatch@3.0.2
解决方案2
1 2017-07-27 09:09:30
Having run into the same issue and searched the internet a bit, I want to record my explanation here for future reference. 遇到相同的问题并经过一些互联网搜索后,我想在这里记录我的解释以供将来参考。
The problem is not that your installed version of minimatch is too low or out of date. 问题不在于您安装的minimatch版本太低或已过时。 Neither should npm abort the installation, when these warnings are displayed. 显示这些警告时,npm也不应中止安装。
It is gulp that indirectly depends on outdated versions of minimatch , which can be verified using npm ls -g minimatch (if you installed gulp locally, leave the -g out). gulp间接依赖于minimatch的过时版本 ,可以使用npm ls -g minimatch进行验证(如果在本地安装npm ls -g minimatch ,则将-g排除在外)。 One part of the output should look like the following: 输出的一部分应如下所示:
+-- gulp@3.9.1
| `-- vinyl-fs@0.3.14
| +-- glob-stream@3.1.18
| | +-- glob@4.5.3
| | | `-- minimatch@2.0.10 deduped
| | `-- minimatch@2.0.10
| `-- glob-watcher@0.0.6
| `-- gaze@0.5.2
| `-- globule@0.1.0
| +-- glob@3.1.21
| | `-- minimatch@0.2.14 deduped
| `-- minimatch@0.2.14
This excerpt explains that gulp 3.9.1 depends on vinyl-fs 0.3.14, which again depends on glob-stream 3.1.18 and so on. 此节选解释说,口香糖3.9.1依赖于vinyl-fs 0.3.14,而后者又依赖于glob流3.1.18,依此类推。 You can see that some nested dependencies depend on minimatch 2.0.10 and others depend on minimatch 0.2.14, which are exactly the versions npm complained about during the installation. 您会看到一些嵌套的依赖项依赖于minimatch 2.0.10,而另一些依赖于minimatch 0.2.14,这正是npm在安装过程中抱怨的版本。
You are not probably able to solve this issue on your own. 您可能无法自行解决此问题。 What you can do is contact the authors of the packages with the outdated dependencies, in this case glob, glob-stream and globule, and ask them to update their dependencies to a newer version (or do it yourself and submit a pull request, if the packages are open source). 您可以做的是与过时的依赖项(在本例中为glob,glob-stream和globule)联系软件包的作者,并要求他们将其依赖项更新为较新的版本(或者自行完成并提交拉取请求,如果这些软件包是开源的)。
Chances are, though, that these warnings have no negative consequences whatsoever, given that there hasn't been an update to solve this yet, although there are many people actively using and relying on gulp. 但是,考虑到还没有更新的方法可以解决这些警告,尽管有很多人积极使用并依靠口香糖,但很可能这些警告都不会带来负面影响。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.