react-native: Install Fails - left-pad@0.0.3 is no longer on npm

One of the dependencies in react-native (currently looking into which one - will post back here when I figure it out) depends on left-pad@0.0.3. 15 minutes ago (as of the writing of this issue) left-pad updated to 0.0.9 and they seem to have removed 0.0.3 from npm: https://www.npmjs.com/package/left-pad

This results in the following error when simply running npm i react-native:

npm ERR! No compatible version found: left-pad@0.0.3
npm ERR! Valid install targets:
npm ERR! 0.0.9

😞

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Reactions: 58
  • Comments: 20 (4 by maintainers)

Most upvoted comments

For everyone giving +1: https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments

[Note by @vjeux: I deleted all the +1 comments to make this issue easier to follow]

Makes you wonder what was in versions 0.0.4-0.0.8…

FYI: The library in question fits in a tweet (https://twitter.com/the_kenny/status/712414574658588672). Maybe people should finally start to think about what deserves to be an external dependency and what not.

Kinda ironic considering the entire package is:

module.exports = leftpad;

function leftpad (str, len, ch) {
  str = String(str);
  var i = -1;
  ch || (ch = ' ');
  len = len - str.length;

  while (++i < len) {
    str = ch + str;
  }

  return str;
}

This issue is also discussed here, but a workaround is to add this to your package.json:

"left-pad": "git://github.com/azer/left-pad.git#bff80e3ef0db0bfaba7698606c4f623433d14355"

just to be clear this also means react-native init <projectName> fails as well

I’ve published Babel 6.7.2 and 5.8.38 to fix this. The ranges in package.json are fine but the shrinkwrap will need to be updated.

Tracing backwards through the dependencies, Babel indirectly depends on left-pad. So basically that guy broke a ton of the JS ecosystem by indirectly breaking Babel (people reading this – take note, probably not the best idea).

Once Babel republishes their packages as either a patch or minor version update, npm will automatically get the latest version of Babel with the fix.

Shrinkwrap wouldn’t have helped because the author outright deleted the package from npm, so there’s not much we could have done in this situation other than to statically ship the dependencies with react-native. Perhaps npm will come up with a better story around this – ex: making it so that packages stay up for 24 hours and print a big warning about a pending removal if you try to install an unpublished version.

npm install plus-one@0.0.3

npm ERR! No compatible version found: plus-one@0.0.3
npm ERR! Valid install targets:
npm ERR! 0.0.9

User @azer mentions in his post that he would be glad to hand over ownership of a module—I’m assuming that means it’s also OK to republish the module on NPM. Since this is such an extremely simple module, perhaps someone could take it over and republish 0.0.3? That might help lots of people avoid the extra work to fix this.

damn!!! the same issue but with Ember. Can’t deploy to heroku anymore 😦