New Install From Raspbian Stretch



  • Hi,

    II wanted to take everything back to 0. But the installation does not work anymore.
    I would have to do it again, I think.
    I know it’s a problem of addiction, but I still can not do it:
    At the first install :

    pi@raspberrypi:~ $ bash -c "$(curl -sL https://raw.githubusercontent.com/MichMic                                                                                                                                                             h/MagicMirror/master/installers/raspberry.sh)"
    
    $$\      $$\                     $$\           $$\      $$\ $$\                                                                                                                                                                                                       $$$$$$\
    $$$\    $$$ |                    \__|          $$$\    $$$ |\__|                                                                                                                                                                                                     $$  __$$\
    $$$$\  $$$$ | $$$$$$\   $$$$$$\  $$\  $$$$$$$\ $$$$\  $$$$ |$$\  $$$$$$\   $$$$$                                                                                                                                                             $\   $$$$$$\   $$$$$$\  \__/  $$ |
    $$\$$\$$ $$ | \____$$\ $$  __$$\ $$ |$$  _____|$$\$$\$$ $$ |$$ |$$  __$$\ $$  __                                                                                                                                                             $$\ $$  __$$\ $$  __$$\  $$$$$$  |
    $$ \$$$  $$ | $$$$$$$ |$$ /  $$ |$$ |$$ /      $$ \$$$  $$ |$$ |$$ |  \__|$$ |                                                                                                                                                               \__|$$ /  $$ |$$ |  \__|$$  ____/
    $$ |\$  /$$ |$$  __$$ |$$ |  $$ |$$ |$$ |      $$ |\$  /$$ |$$ |$$ |      $$ |                                                                                                                                                                   $$ |  $$ |$$ |      $$ |
    $$ | \_/ $$ |\$$$$$$$ |\$$$$$$$ |$$ |\$$$$$$$\ $$ | \_/ $$ |$$ |$$ |      $$ |                                                                                                                                                                   \$$$$$$  |$$ |      $$$$$$$$\
    \__|     \__| \_______| \____$$ |\__| \_______|\__|     \__|\__|\__|      \__|                                                                                                                                                                    \______/ \__|      \________|
                           $$\   $$ |
                           \$$$$$$  |
                            \______/
    
    Updating packages ...
    Réception de:1 http://raspbian.raspberrypi.org/raspbian stretch InRelease [15,0                                                                                                                                                              kB]
    Atteint:2 http://archive.raspberrypi.org/debian stretch InRelease
    15,0 ko réceptionnés en 0s (15,4 ko/s)
    Lecture des listes de paquets... Fait
    Installing helper tools ...
    Lecture des listes de paquets... Fait
    Construction de l'arbre des dépendances
    Lecture des informations d'état... Fait
    build-essential is already the newest version (12.3).
    curl is already the newest version (7.52.1-5+deb9u8).
    git is already the newest version (1:2.11.0-3+deb9u4).
    unzip is already the newest version (6.0-21).
    wget is already the newest version (1.18-5+deb9u2).
    0 mis à jour, 0 nouvellement installés, 0 à enlever et 0 non mis à jour.
    Check current Node installation ...
    Node currently installed. Checking version number.
    Minimum Node version: v5.1.0
    Installed Node version: v8.11.1
    No Node.js upgrade necessary.
    Cloning MagicMirror ...
    Clonage dans 'MagicMirror'...
    remote: Enumerating objects: 302, done.
    remote: Counting objects: 100% (302/302), done.
    remote: Compressing objects: 100% (270/270), done.
    remote: Total 302 (delta 37), reused 170 (delta 22), pack-reused 0
    Réception d'objets: 100% (302/302), 614.30 KiB | 0 bytes/s, fait.
    Résolution des deltas: 100% (37/37), fait.
    Cloning MagicMirror Done!
    Installing dependencies ...
    bash: ligne 112: npm : commande introuvable
    Unable to install dependencies!
    

    After, i have instaled npm:

    pi@raspberrypi:~ $ sudo apt-get install npm
    

    but when i try again :

    pi@raspberrypi:~ $ cd MagicMirror/
    pi@raspberrypi:~/MagicMirror $ npm install
    (node:8666) [DEP0022] DeprecationWarning: os.tmpDir() is deprecated. Use os.tmpd                                                                                                                                                             ir() instead.
    npm WARN deprecated time-grunt@2.0.0: Deprecated because Grunt is practically un                                                                                                                                                             maintained. Move on to something better. This package will continue to work with                                                                                                                                                              Grunt v1, but it will not receive any updates.
    npm WARN deprecated express-ipfilter@0.3.1: This package is no longer being main                                                                                                                                                             tained and contains security vulnerabilities
    npm ERR! Error: Method Not Allowed
    npm ERR!     at errorResponse (/usr/share/npm/lib/cache/add-named.js:260:10)
    npm ERR!     at /usr/share/npm/lib/cache/add-named.js:203:12
    npm ERR!     at saved (/usr/share/npm/node_modules/npm-registry-client/lib/get.js:167:7)
    npm ERR!     at FSReqWrap.oncomplete (fs.js:135:15)
    npm ERR! If you need help, you may report this *entire* log,
    npm ERR! including the npm and node versions, at:
    npm ERR!     
    
    npm ERR! System Linux 4.14.79-v7+
    npm ERR! command "/usr/bin/node" "/usr/bin/npm" "install"
    npm ERR! cwd /home/pi/MagicMirror
    npm ERR! node -v v8.11.1
    npm ERR! npm -v 1.4.21
    npm ERR! code E405
    npm WARN deprecated nomnom@1.8.1: Package no longer supported. Contact support@npmjs.com for more info.
    \
    > electron-chromedriver@1.8.0 install /home/pi/MagicMirror/node_modules/spectron/node_modules/electron-chromedriver
    > node ./download-chromedriver.js
    
    successfully dowloaded and extracted!
    npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
    npm WARN deprecated browserslist@2.11.3: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
    npm ERR!
    npm ERR! Additional logging details can be found in:
    npm ERR!     /home/pi/MagicMirror/npm-debug.log
    npm ERR! not ok code 0
    


  • Node is downlevel.

    See
    node -v



  • OK, i have forced upgrade node with this command:

    curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
    

    I install Node:

    sudo apt install -y nodejs
    

    now node version :

    pi@raspberrypi:~/MagicMirror $ node -v
    v10.15.0
    

    I have remove MagicMirror folder, and reinstall from the beginning:

    pi@raspberrypi:~ $ rm -rf MagicMirror/
    pi@raspberrypi:~ $ bash -c "$(curl -sL https://raw.githubusercontent.com/MichMich/MagicMirror/master/installers/raspberry.sh)"
    

    All seem OK, but they are vulnerabillity…

    Cloning MagicMirror Done!
    Installing dependencies ...
    npm WARN deprecated time-grunt@2.0.0: Deprecated because Grunt is practically unmaintained. Move on to something better. This package will continue to work with Grunt v1, but it will not receive any updates.
    npm WARN deprecated nomnom@1.8.1: Package no longer supported. Contact support@npmjs.com for more info.
    
    > electron-chromedriver@1.8.0 install /home/pi/MagicMirror/node_modules/electron-chromedriver
    > node ./download-chromedriver.js
    
    successfully dowloaded and extracted!
    
    > electron@2.0.16 postinstall /home/pi/MagicMirror/node_modules/electron
    > node install.js
    
    Downloading SHASUMS256.txt
    [============================================>] 100.0% of 5.39 kB (5.39 kB/s)
    
    > magicmirror@2.6.0 install /home/pi/MagicMirror
    > cd vendor && npm install
    
    npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules/fsevents):
    npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"arm"})
    
    added 82 packages from 57 contributors and audited 220 packages in 15.326s
    found 3 low severity vulnerabilities
      run `npm audit fix` to fix them, or `npm audit` for details
    
    > magicmirror@2.6.0 postinstall /home/pi/MagicMirror
    > sh installers/postinstall/postinstall.sh && npm run install-fonts
    
    MagicMirror installation successful!
    
    > magicmirror@2.6.0 install-fonts /home/pi/MagicMirror
    > cd fonts && npm install
    
    added 1 package from 1 contributor and audited 1 package in 3.955s
    found 0 vulnerabilities
    
    npm WARN grunt-stylelint@0.10.1 requires a peer of stylelint@^9.0.0 but none is installed. You must install peer dependencies yourself.
    npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.
    
    added 921 packages from 1366 contributors and audited 2466 packages in 170.898s
    found 8 vulnerabilities (7 low, 1 high)
      run `npm audit fix` to fix them, or `npm audit` for details
    Dependencies installation Done!
    Check plymouth installation ...
    Splashscreen: Checking themes directory.
    Splashscreen: Create theme directory if not exists.
    Splashscreen: Theme copied successfully.
    Splashscreen: Changed theme to MagicMirror successfully.
    
    


  • @sebien0077

    run

    npm audit fix
    


  • @sdetweil
    yes i have made , only one resist :

    pi@raspberrypi:~/MagicMirror $ npm audit
    
                           === npm audit security report ===
    
    ┌──────────────────────────────────────────────────────────────────────────────┐
    │                                Manual Review                                 │
    │            Some vulnerabilities require your attention to resolve            │
    │                                                                              │
    │         Visit https://go.npm.me/audit-guide for additional guidance          │
    └──────────────────────────────────────────────────────────────────────────────┘
    ┌───────────────┬──────────────────────────────────────────────────────────────┐
    │ Low           │ Prototype Pollution                                          │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Package       │ lodash                                                       │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Patched in    │ >=4.17.5                                                     │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Dependency of │ express-ipfilter                                             │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Path          │ express-ipfilter > lodash                                    │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ More info     │ https://nodesecurity.io/advisories/577                       │
    


  • @sebien0077

    npm i lodash@latest
    


  • Hi guys instead of me starting a new thread for the same thing can I jump in as it seems the last thing may have fixed OP’s issue, I have two vulnerabilities that are not fixing ate all 😢 can you help please I’ve tried the npm I lodash@latest but that doesn’t work

                           Manual Review                                 │
    │            Some vulnerabilities require your attention to resolve            │
    │                                                                              │
    │         Visit https://go.npm.me/audit-guide for additional guidance          │
    └──────────────────────────────────────────────────────────────────────────────┘
    ┌───────────────┬──────────────────────────────────────────────────────────────┐
    │ Moderate      │ Regular Expression Denial of Service                         │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Package       │ underscore.string                                            │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Patched in    │ >=3.3.5                                                      │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Dependency of │ fix                                                          │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Path          │ fix > underscore.string                                      │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ More info     │ https://npmjs.com/advisories/745                             │
    └───────────────┴──────────────────────────────────────────────────────────────┘
    ┌───────────────┬──────────────────────────────────────────────────────────────┐
    │ Low           │ Prototype Pollution                                          │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Package       │ lodash                                                       │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Patched in    │ >=4.17.5                                                     │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Dependency of │ express-ipfilter                                             │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Path          │ express-ipfilter > lodash                                    │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ More info     │ https://npmjs.com/advisories/577          
    

  • Project Sponsor

    Guys be careful with the npm vulnerabilities!
    It’s not advisable to always fix all of them.
    E.g. if a vulnerability wants to have a most recent version of an important dependency, fixing it might even break your working MM because MM can’t work with this new dependency.

    If you’re not completely sure what you’re doing then leave them.
    They are not errors after all, your modules should work with these vulnerabilities as well.



  • @lavolp3 understood thanks ill leave well alone now then thanks


  • Project Sponsor

    @sebien0077 better leave lodash alone is my suggestion. YOur mirror should work with this vulnerability as well.

    HOwever, you can of course try it out IF YOU DARE!!!
    Go on the presented link and do as suggested.

    npm install lodash@4.17.5
    

    (that’s what I would try)