create-react-native-app: Can't create a new app

Description

I’m running commands like create-react-native-app foo, but they’re failing. They’ve worked in the past with the same setup (same versions of node, yarn, OS, same network, etc.); I think it may be an issue with a package that create-react-native-app depends on (duplexer3) being removed from the npm registry?

Expected Behavior

I expected a new react native app skeleton to be created.

Observed Behavior

create-react-native-app foo failed with output:

Creating a new React Native app in /Users/yashapodeswa/projects/foo.

Using package manager as yarnpkg with yarn interface.
Installing packages. This might take a couple minutes.
Installing react-native-scripts...

yarn add v1.3.2
info No lockfile found.
[1/4] 🔍  Resolving packages...
warning react-native-scripts > xdl > auth0-js > xtend > object-keys@0.4.0:
error Received malformed response from registry for "duplexer3". The registry may be down.
info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.
Error: Received malformed response from registry for "timed-out". The registry may be down.
    at /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:48907:15
    at Generator.next (<anonymous>)
    at step (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:92:30)
    at /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:110:14
    at new Promise (<anonymous>)
    at new F (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:29389:28)
    at /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:89:12
    at Function.findVersionInRegistryResponse (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:48946:7)
    at /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:48963:28
    at Generator.next (<anonymous>)
Error: Received malformed response from registry for "timed-out". The registry may be down.
    at /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:48907:15
    at Generator.next (<anonymous>)
    at step (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:92:30)
    at /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:110:14
    at new Promise (<anonymous>)
    at new F (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:29389:28)
    at /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:89:12
    at Function.findVersionInRegistryResponse (/usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:48946:7)
    at /usr/local/Cellar/yarn/1.3.2/libexec/lib/cli.js:48963:28
    at Generator.next (<anonymous>)
`yarnpkg add --dev --exact --ignore-optional react-native-scripts` failed

Environment

Please run these commands in the project folder and fill in their results:

  • npm ls react-native-scripts: n/a
  • npm ls react-native: n/a
  • npm ls expo: n/a
  • node -v: 8.9.4
  • npm -v: 5.6.0
  • yarn --version: 1.3.2
  • watchman version: 4.9.0

Also specify:

  1. Operating system: macOS Sierra (version 10.12.6)
  2. Phone/emulator/simulator & version: n/a

Reproducible Demo

Run create-react-native-app <anything>

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 19

Most upvoted comments

Sorry @puradox, didn’t mean to say that you’d put anything malicious in there. Was just using pinkie as evidence of “it may be temporarily possible for some commonly used packages to be re-published by not-the-original-author”, and if that was indeed the case, npm installs of seemingly trusted packages could do some really nasty stuff to your system, so the cautious approach would be to wait a bit before installing any npm packages.

@yashap @shtefcs I had no intention of “hijacking” pinkie. See my comment on https://github.com/floatdrop/pinkie/issues/18.

Looks like there may have been at least one package hijacked: https://github.com/npm/registry/issues/256

I definitely think the safe move is to not install any npm packages for a little while (so no create-react-native-app, create-react-app, npm install, yarn install, etc.). If you’ve already done that, worth keeping an eye on npm news for the next few days/weeks, seeing if any malware snuck in, and if so what you can do to mitigate it.

If you’re the cautious type, you may want to avoid doing anything that installs npm packages for the next 24hrs or so. npm lacks some pretty basic security features that you’d expect from a package manager of its size; after all these packages got wiped, it may have been possible for people to replace them with imposter packages that install malware.

It works now 👍

Issue was acknowledged by npm and is being worked on.

https://status.npmjs.org/incidents/41zfb8qpvrdj

This could take a while to resolve though, so go and enjoy your saturday.