0

I am trying to install the react app using the code:

```
sudo npm i -g create-react-app@1.5.2
```

I keep receiving the following response:

```
npm WARN deprecated tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.

changed 66 packages, and audited 67 packages in 838ms

1 package is looking for funding
  run `npm fund` for details

2 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.
```

I then proceed to execute `npm install tar@6 -g` to install the latest version of tar available, and then execute `npm show tar version`, and it says I am running version 6.1.11, which is currently the latest version. However, I keep receiving the same error saying that my tar is outdated.

Any ideas as to how I can resolve this challenge?

  • Is `tar` installed in your project directory, as well as globally via `npm`? Check out the advice in [this answer](https://stackoverflow.com/a/69110326/7859515): *"If it's installed in a repository, you may also have to "npm remove tar --save" from inside the repo directory for it to use the globally installed one"* – MyStackRunnethOver Nov 16 '21 at 18:51
  • I have no idea. I don't suppose you would be willing to join a Google Meet with me to help me figure out what is wrong. I have been wrestling with this for a long time and I can't seem to find what the issue is. – Josh Dylan Nov 17 '21 at 14:04

2 Answers

2

This happens because of the create-react-app dependency on a particular (2.2.2) version of tar.

This is the dependency path:

create-react-app 1.5.2 > tar-pack 3.4.1 > tar 2.2.2

tromgy
  • Do you have any suggestions as to how I can overcome this challenge I am experiencing? I perhaps need to be directed to a resource explaining npm dependencies to conceptually understand the problem that I am trying to solve. – Josh Dylan Nov 17 '21 at 13:31
  • Surprisingly, even the latest (4.0.3) **create-react-app** still has the same dependency. This is because **tar-pack** has not been updated in years, and there's a pull request pending to update the **tar** dependency since 2018! Given that, you cannot do anything about that warning. But I don't think it shouldn't be a problem when creating actual React apps. – tromgy Nov 17 '21 at 13:46
  • Correction for the previous comment: I don't think it should be a problem when creating actual React apps. – tromgy Nov 17 '21 at 13:59
  • As far as dependencies in general, you can look [here](https://lexi-lambda.github.io/blog/2016/08/24/understanding-the-npm-dependency-model/). The simplest way to see the dependencies is to run `npm list --all` from the directory where the package is installed, or if you want something nicer looking you can use [npm-tree](https://www.npmjs.com/package/@tromgy/npm-tree) (disclaimer: I'm the author) – tromgy Nov 17 '21 at 14:07
  • Sir, you are a hero. You're absolutely correct. I have continued creating my react app with no issues. Crazy how an imaginary hurdle can stop you from getting going. Thank you for the references. – Josh Dylan Nov 18 '21 at 10:40
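
The dependency path given in the answer above can be recovered mechanically. As an added example (not code from the original posts), this Node.js script walks the JSON tree printed by `npm ls --all --json` and lists every installed copy of `tar` with the chain that pulls it in. The sample tree is constructed from the versions quoted on this page, and the function names `findCopies` and `staleCopies` are hypothetical.

```javascript
// Added example: walk the JSON tree printed by `npm ls --all --json`
// (add -g for global installs) and list every installed copy of a package.

// Constructed sample input, shaped like `npm ls -g --all --json` output after
// running both commands from the question. Versions are the ones on this page.
const sampleTree = {
  name: "lib",
  dependencies: {
    "create-react-app": {
      version: "1.5.2",
      dependencies: {
        "tar-pack": {
          version: "3.4.1",
          dependencies: { tar: { version: "2.2.2" } },
        },
      },
    },
    tar: { version: "6.1.11" }, // the copy added by `npm install tar@6 -g`
  },
};

// Return one entry per installed copy of `target`, with the chain of
// dependents that pulls it in.
function findCopies(node, target, trail = []) {
  const found = [];
  for (const [name, info] of Object.entries(node.dependencies || {})) {
    const version = info.version || "unknown"; // some entries carry no version
    const here = [...trail, `${name}@${version}`];
    if (name === target) found.push({ version, path: here.join(" > ") });
    found.push(...findCopies(info, target, here));
  }
  return found;
}

// Keep only copies whose major version is below `minMajor`.
function staleCopies(tree, target, minMajor) {
  return findCopies(tree, target).filter(
    (c) => Number.parseInt(c.version, 10) < minMajor
  );
}

for (const c of findCopies(sampleTree, "tar")) console.log(c.path);
// Reading real output instead (the file name tree.json is an assumption):
//   npm ls -g --all --json > tree.json
//   const tree = JSON.parse(require("fs").readFileSync("tree.json", "utf8"));
```

In the sample tree, `tar@6.1.11` appears as its own top-level entry while `tar@2.2.2` is still listed under `tar-pack@3.4.1`.
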
1

I found the solution:

```
npm install tar@6 -g
```

Dharman
  • While this code snippet may solve the problem, it doesn't explain why or how it answers the question. Please [include an explanation for your code](//meta.stackexchange.com/q/114762/269535), as that really helps to improve the quality of your post. Remember that you are answering the question for readers in the future, and those people might not know the reasons for your code suggestion. – Luca Kiebel Feb 22 '22 at 15:45