Install Fails - left-pad@0.0.3 is no longer on npm

[kauffecup]

One of the dependencies in react-native (currently looking into which one - will post back here when I figure it out) depends on left-pad@0.0.3. 15 minutes ago (as of the writing of this issue) left-pad updated to 0.0.9 and they seem to have removed 0.0.3 from npm: https://www.npmjs.com/package/left-pad

This results in the following error when simply running npm i react-native:

npm ERR! No compatible version found: left-pad@0.0.3
npm ERR! Valid install targets:
npm ERR! 0.0.9

😞

[findmory]

just to be clear this also means react-native init <projectName> fails as well

[Blackening999]

damn!!! the same issue but with Ember. Can't deploy to heroku anymore :(

[macavity23]

@kauffecup Running into this issue w React 0.14, so it's something not specific to react-native

[findmory]

Kinda ironic considering the entire package is:

module.exports = leftpad;

function leftpad (str, len, ch) {
  str = String(str);
  var i = -1;
  ch || (ch = ' ');
  len = len - str.length;

  while (++i < len) {
    str = ch + str;
  }

  return str;
}

[macavity23]

Makes you wonder what was in versions 0.0.4-0.0.8...

[Blackening999]

Kinda ironic this thing isn't important at all... Very funny, string padding destroyed the whole infrastructure. LoL. Does someone tried to downgrade their npm version?

[redconfetti]

It's such a simple library.

[dimitriwalters]

This issue is also discussed here, but a workaround is to add this to your package.json:

"left-pad": "git://github.com/azer/left-pad.git#bff80e3ef0db0bfaba7698606c4f623433d14355"

[OllieJennings]

@dimitriwalters this should be fixed now by re-installing babel (make sure latest) if you are on version 6

[kauffecup]

I ran npm-remote-ls react-native to print out the entire dependency tree... and it isn't in the resulting print. I'm not going to paste it here because it's massive, but run for yourself and see what I mean. It's fairly confusing.

[knpwrs]

For everyone giving +1: https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments

[Note by @vjeux: I deleted all the +1 comments to make this issue easier to follow]

[bennidhamma]

npm install plus-one@0.0.3

npm ERR! No compatible version found: plus-one@0.0.3
npm ERR! Valid install targets:
npm ERR! 0.0.9

[DaveyEdwards]

Im getting this with react not react-native (If react has anything to do with the error). Just updated npm/node this morning and was going to update all my deps

[samwgoldman]

Author has pulled his packages from NPM. See https://medium.com/@azerbike/i-ve-just-liberated-my-modules-9045c06be67c#.y64upds2r

[ide]

Tracing backwards through the dependencies, Babel indirectly depends on left-pad. So basically that guy broke a ton of the JS ecosystem by indirectly breaking Babel (people reading this -- take note, probably not the best idea).

Once Babel republishes their packages as either a patch or minor version update, npm will automatically get the latest version of Babel with the fix.

Shrinkwrap wouldn't have helped because the author outright deleted the package from npm, so there's not much we could have done in this situation other than to statically ship the dependencies with react-native. Perhaps npm will come up with a better story around this -- ex: making it so that packages stay up for 24 hours and print a big warning about a pending removal if you try to install an unpublished version.

[ghost]

This is hilarious 😆 , but not. 😭

[msikma]

User @azer mentions in his post that he would be glad to hand over ownership of a module—I'm assuming that means it's also OK to republish the module on NPM. Since this is such an extremely simple module, perhaps someone could take it over and republish 0.0.3? That might help lots of people avoid the extra work to fix this.

[sebmck]

I've published Babel 6.7.2 and 5.8.38 to fix this. The ranges in package.json are fine but the shrinkwrap will need to be updated.

[the-kenny]

FYI: The library in question fits in a tweet (https://twitter.com/the_kenny/status/712414574658588672). Maybe people should finally start to think about what deserves to be an external dependency and what not.

[vjeux]

npm republished that version: https://twitter.com/seldo/status/712414400808755200