I'm running yarn in a project, but I'm getting this error:
Exit code: 1
Command: start /B node compile.js & node compile.js
Arguments:
Directory: 项目名/node_modules/coa
Output:
/bin/sh: 1: start: not found
internal/modules/cjs/loader.js:905
throw err;
^
Error: Cannot find module '项目名/node_modules/coa/compile.js'
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:902:15)
at Function.Module._load (internal/modules/cjs/loader.js:746:27)
at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:76:12)
at internal/main/run_main_module.js:17:47 {
I've already uninstalled all the .lock and node_module folder, but it still doesn't work.
解决:Last release contains malicious code · Issue #99 · veged/coa · GitHub
Short-term fix
No fix should be needed as the affected versions have been removed. But I'm leaving what I wrote initially just in case something does go wrong again. For now I'd advise you to pin the version as described below until this has been resolved conclusively.
🤕 Use "coa@2.0.2" specifically. 2.0.3. is the first update that broke things. 🤕
Additionally as @herrwitzi suggests in the comments if you use yarn you can add a resolution to your package.json
"resolutions": { "coa": "2.0.2" },
And as @bugron suggested for other package managers add those to your package.json
:
pnpm: package.json | pnpm
"pnpm": {
"overrides": {
"coa": "2.0.2"
}
},
yarn: Selective dependency resolutions | Yarn
"resolutions": {
"coa": "2.0.2"
}
在package.json文件中加入上面的resolutions配置
为什么是2.0.2?
热门NPM库 “coa” 和“rc” 接连遭劫持,影响全球的 React 管道
npm 库 “coa” 竟然发布了新版本???要知道这个项目已经有数年没有人动过,今天突然出现在npm库中。“coa” 是 Node.js 项目的命令行选项解析器。该项目的最新稳定版 2.0.2 在2018年12月发布。但就在几个小时前,npm 上出现了可疑版本 2.0.3、2.0.4、2.1.1、2.1.3和3.1.3,导致依赖于 “coa” 库的 React 程序包崩溃。
问题:node.js - Cannot find module coa/compile.js - Stack Overflow