conventional-changelog: No matching version found for conventional-changelog-preset-loader@^1.1.3

I’m not using conventional-changelog but I get a lot of errors when running npm install

npm ERR! code ETARGET
npm ERR! notarget No matching version found for conventional-changelog-preset-loader@^1.1.3
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.
npm ERR! notarget
npm ERR! notarget It was specified as a dependency of 'conventional-changelog'
npm ERR! notarget

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/yves/.npm/_logs/2018-02-13T16_49_03_627Z-debug.log
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! @mycompany/mypackage@1.0.0-beta.0 bootstrap: `npm install`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the @mycompany/mypackage@1.0.0-beta.0 bootstrap script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm WARN Local package.json exists, but node_modules missing, did you mean to install?

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/yves/.npm/_logs/2018-02-13T16_49_03_680Z-debug.log

@gautierrr CC


Edit: Related to #282

About this issue

  • State: closed
  • Created 6 years ago
  • Reactions: 47
  • Comments: 41 (3 by maintainers)

Most upvoted comments

this issue is now addressed, thank you everyone for your patience; I will be following up in another thread with information about the security issue that occurred.

no pressure but we’ve got 100+ developers hammering F5 on this page.

The irony is that this package uses lerna, which is broken because lerna needs this package version. So he can’t publish it because travis breaks when trying to publish. https://travis-ci.org/conventional-changelog/conventional-changelog/jobs/341023923#L442

Folks, there was a security issue with conventional-changelog, and a publication error with Lerna due to me lacking publication permissions on one of the modules in this ecosystem.

This will be corrected shortly, but open source is made by humans, and this human is currently in a Lyft.

Also seeing this same issue - borked our pipeline.

rip lerna. ⚰️

This happened because of a security issue: conventional-changelog package was hacked, and it contained a Monero miner. I reported it to the devs and they unpublished it (and also conventional-changelog-preset-loader). They should re-add a safe version tagged with 1.1.3 to fix this issue.

Fix as soon as possible, please.

I think the issue here is that the package is being used by lerna internally, so most of us can’t really use the workaround to fix the issue 😃

@theboolean is there an issue link that could corroborate that claim?

A possible Workaround

npm install --production 👍

Because conventional-changelog-preset-loader is usually used by dev dependencies, it will not be installed.
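
To check the workaround above against a project that already has a lockfile, this added example (not part of the original comment, and not npm's own code) takes a parsed package-lock.json and reports whether every copy of a package is flagged dev-only, which is the condition for a production install to skip it. The function names are hypothetical and both lockfile objects are constructed samples.

```javascript
// Added example, not from the thread. Function names are hypothetical and
// both lockfile objects below are constructed samples.

// List every copy of `name` in a parsed package-lock.json with its dev flag.
// Handles lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages").
function findInLock(lock, name) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // v2/v3 keys are install paths, e.g. "node_modules/a/node_modules/b".
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      hits.push({ path, version: entry.version, dev: entry.dev === true });
    }
  }
  if (lock.packages) return hits;
  const walk = (deps, trail) => {
    for (const [dep, entry] of Object.entries(deps || {})) {
      const path = [...trail, dep];
      if (dep === name) {
        hits.push({ path: path.join(' > '), version: entry.version, dev: entry.dev === true });
      }
      walk(entry.dependencies, path); // v1 nests non-hoisted copies here
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// 'dev-only' means a production install omits every copy of the package.
function productionVerdict(lock, name) {
  const hits = findInLock(lock, name);
  if (hits.length === 0) return 'absent';
  return hits.every((h) => h.dev) ? 'dev-only' : 'production';
}

const devOnlyLock = { lockfileVersion: 1, dependencies: {
  lerna: { version: '0.0.0-constructed', dev: true, dependencies: {
    'conventional-changelog': { version: '1.1.13', dev: true, dependencies: {
      'conventional-changelog-preset-loader': { version: '1.1.3', dev: true },
    } },
  } },
} };
const mixedLock = { lockfileVersion: 2, packages: {
  'node_modules/lerna': { version: '0.0.0-constructed', dev: true },
  'node_modules/conventional-changelog-preset-loader': { version: '1.1.3' },
  'node_modules/lerna/node_modules/conventional-changelog-preset-loader': { version: '1.1.3', dev: true },
} };

console.log(productionVerdict(devOnlyLock, 'conventional-changelog-preset-loader'));
console.log(findInLock(mixedLock, 'conventional-changelog-preset-loader'));
```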

😠 guys come on…

@chrinor2002 I’m not finding an issue for it, but I know that Evan You had issues publishing packages in a monorepo: https://twitter.com/youyuxi/status/961771123636670464 Another case: https://twitter.com/BenLesh/status/961771537622708224

Also confirmed to be a known issue: https://twitter.com/seldo/status/961780556697497600

Tracked here: https://status.npmjs.org/incidents/xn9hdvgxjbq1

When is it expected to start functioning normally? Any guesses??

Fix it please

https://github.com/conventional-changelog/conventional-changelog/releases/tag/conventional-changelog%401.1.13 conventional-changelog@1.1.13 was when conventional-changelog-preset-loader@1.1.3 was added. The tag exists: https://github.com/conventional-changelog/conventional-changelog/releases/tag/conventional-changelog-preset-loader%401.1.3 seems like maybe it was removed or possibly the pipeline that deploys that version broke because of conventional-changelog going out before conventional-changelog-preset-loader?

tl;dr

[Image: flowchart]

I personally use lerna that is using conventional-changelog-preset-loader as a dev dependency

https://github.com/lerna/lerna/blob/b28d8dac8ba75f63f8d6c6eea5494fddcfaeceec/package.json#L37-L39

As a workaround, is there a way with npm to force a previous version of a package? For example conventional-changelog-preset-loader@1.1.2? Maybe by editing package-lock.json? But npm install is failing before package-lock.json has been generated… 🤔

There is currently an investigation going on that probably caused this.

/CC @nexdrew @bcoe was this unpublished as a result?