New Yarn version, package.json bin causes warning #64
Comments
|
I do not see warning... $ npm i sha.js
npm WARN saveError ENOENT: no such file or directory, open '/home/kirill/tmp/package.json'
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN enoent ENOENT: no such file or directory, open '/home/kirill/tmp/package.json'
npm WARN tmp No description
npm WARN tmp No repository field.
npm WARN tmp No README data
npm WARN tmp No license field.
+ [email protected]
added 3 packages from 2 contributors and audited 3 packages in 1.295s
found 0 vulnerabilities
$ npm --version
6.13.4
$ node --version
v13.5.0 |
|
You're right I narrowed it down to just yarn v1.21.1. yarn cache clean
yarn add sha.js
# warning [email protected]: Invalid bin entry for "sha.js" (in "sha.js").When the cache isn't cleared, the warning doesn't show up next time. Even in a fresh directory. |
Beanow
changed the title
|
So the fix will be remove bin at all or change package.json to? "bin": {
"shajs":"./bin.js"
}, |
|
I'm not certain about the fix, just happened to encounter this in the wild. It shouldn't be required by the security patch to remove it entirely though. Especially locally like we're doing here a properly formatted bin is expected to work. |
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
With the recent security changes:
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
It causes a warning
The text was updated successfully, but these errors were encountered: