3

The latest version create-react-app is 4.0.3 but when I run npx create-react-app my-app it uses version 1.5.2 and also doesn't run with templates. I don't have any global installation of it and have tried uninstalling it using npm uninstall -g create-react-app.

My npm version is 7.21.1 and node version is 16.9.1

How can I make it work? Please help.

EDIT: There are 58 vulnerabilities while creating the app and this comes at the end -

A template was not provided. This is likely because you're using an outdated version of create-react-app.
Please note that global installs of create-react-app are no longer supported.
You can fix this by running npm uninstall -g create-react-app or yarn global remove create-react-app before using create-react-app again.

The folder also doesn't have the src folder just the node_modules folder and package.json file.

While running npm audit fix I get this -

tar  <=4.4.17
Severity: high
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
fix available via `npm audit fix`
node_modules/tar
  tar-pack  *
  Depends on vulnerable versions of tar
  node_modules/tar-pack
    create-react-app  >=1.3.0-alpha.58689133
    Depends on vulnerable versions of tar-pack
    node_modules/create-react-app

3 high severity vulnerabilities
SuPythony
  • 875
  • 8
  • 23
  • Have you tried `npx create-react-app@latest my-app`? Can you confirm that `npm view create-react-app` shows the correct version as `latest`? – Vala Oct 15 '21 at 11:20
  • @Thor84no No it doesn't work. Yes they both show the same version. I have updated the question to show what is coming – SuPythony Oct 16 '21 at 08:54
  • Very odd. And does `npx create-react-app --version` (with or without `@latest`) show `4.0.3`? I just tested it and for me it installs with `4.0.3` and templates. (This is on Ubuntu with node `14.8.0` and npm `6.14.7`). – Vala Oct 17 '21 at 11:01
  • @Thor84no `npx create-react-app --version` shows version `1.5.2` – SuPythony Oct 17 '21 at 15:27
  • And you get the same for `npx create-react-app@latest --version`? – Vala Oct 18 '21 at 12:17
  • @Thor84no Yes it shows `1.5.2` only – SuPythony Oct 18 '21 at 13:57
  • That's weird. Most likely you have `1.5.2` in your npm cache, but it shouldn't use that when using `@latest`. You could try removing your npm cache (`npm config get cache` tells you where it is). – Vala Oct 19 '21 at 13:48
  • @Thor84no No it didn't work. After doing that when I did `npx create-react-app --version` it showed `1.5.2` and when I did `npx create-react-app@latest --version` it first installed it and then showed `1.5.2` only – SuPythony Oct 19 '21 at 16:00
  • I don't know why this is happening, but a month ago it worked fine. I then started using svelte and now when I tried to make a react app it didn't work – SuPythony Oct 19 '21 at 16:02
  • @Thor84no I have update the question to show what's happening after running `npm audit fix`. Maybe it's a problem with `tar-pack`. – SuPythony Oct 20 '21 at 15:12
  • It worked after I did `npm uninstall create-react-app` instead of `npm uninstall -g create-react-app`! But I still get 58 vulnerabilities including 48 high – SuPythony Oct 20 '21 at 18:31
  • `npm uninstall create-react-app` working at all suggests you were doing this in a directory where you had installed `create-react-app`. There shouldn't be a `package.json` or a `node_modules` directory where you run `npx create-react-app`; have you made sure there wasn't? – Vala Oct 21 '21 at 12:39
  • 1
    I was running the command in the Desktop directory. But it was installed in my home directory - `C:\Users\Name`. I just checked, yes it had a `package.json`. So it means that instead of using the latest uninstalled version, it was checking first in the directory one level up and then running it? Thank you for your help! – SuPythony Oct 23 '21 at 06:32
  • Does this answer your question? [Npm audit fix --force react script downgrade automatically](https://stackoverflow.com/questions/67693423/npm-audit-fix-force-react-script-downgrade-automatically) – Andrey Nov 28 '21 at 14:35

1 Answers1

6

Short version:

npx clear-npx-cache

Temporary solution:

npx create-react-app@latest my-app

Now for the explanation. I think npx is running an old version of create-react-app on your computer. The first time you do npx create-react-app, the package is installed in the cache. npx does not check for newer versions if the package is cached. You can sidestep this issue by adding @latest. This forces npx to fetch the package even if it is cached.

A better solution is to clear the cache. There are other guides about how to find and remove the cache folder on windows and macos. The package clear-npx-cache does this.

David
  • 943
  • 1
  • 10
  • 26
  • A popular alternative to create-react-app is Vite. It's an alternative for create-react-app. To try it, type: npm init vite@latest – David Jul 02 '23 at 14:49