npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

Question

I\'m getting below warning while installing cordova. How I can resolve it?

Please see the image to know what happened when i ran below commands :

np

Answer 1

I got this message when I was trying to install ember-cli and solved by typing following command:

npm install -g npm

The command basically will update your npm and hope it will solve your problem too. :)

UPDATED:

But:

Note that as it stands if anyone runs npm install from a cloned version of your repository they will end up with the old, vulnerable version of minimatch and will see the error message warning them of a vulnerability.

So you need to run the above command again.

Answer 2

This is what I did:

$ npm install -g minimatch

After this everything installed with no error messages.

Answer 3

This is what I did to update minimatch

Following a comment on this GitHub issue,

$ npm update minimatch
$ npm -v
2.10.1
$ npm install -g npm@3
/usr/local/bin/npm -> /usr/local/lib/node_modules/npm/bin/npm-cli.js
npm@3.10.5 /usr/local/lib/node_modules/npm
$ npm install -g minimatch@3.0.2
/usr/local/lib
└─┬ minimatch@3.0.2 
  └─┬ brace-expansion@1.1.6 
    ├── balanced-match@0.4.2 
    └── concat-map@0.0.1 

$ npm -v
3.10.5
$npm view minimatch version
3.0.2

Answer 4

npm update -g minimatch@3.0.2 Resolved this for me, no sweat, let me know if it doesn't work for you. Looking at your screenshots this is 90%+ likely to fix it, I think.

Looks like npm@2.15.8 which is listed in a couple of the cordova packages, has a dependency on node-gyp@3.3.1 which has a dependency on minimatch@2.0.10

This is an example of why npm is the package manager of infinite madness. I still like modern JavaScript, but npm is as dangerous as it is useful, in my opinion.

Answer 5

Just type in "npm install -g minimatch@3.0.2" (Without the quotes). That will do

Answer 6

run command as follows:

1. ->npm update
2. ->npm install -g cordova

this worked for me.