I have installed globally pouchdb-server and I got this message about graceful-fs:
$ npm install -g pouchdb-server
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
As the message says, the package will failwith node > 7.0 (which I use), so I would like to know how to perform the upgrade.
If I execute:
$ npm ls graceful-fs -g
I see that graceful-fs is used in several global packages, but the only one with the old version is in `pouchdb-server:
├─┬ [email protected]
│ ├─┬ [email protected]
│ │ └─┬ [email protected]
│ │ └── [email protected]
│ ├─┬ [email protected]
│ │ └─┬ [email protected]
│ │ └─┬ [email protected]
│ │ └─┬ [email protected]
│ │ └─┬ [email protected]
│ │ └─┬ [email protected]
│ │ └── [email protected]
│ ├─┬ [email protected]
│ │ └─┬ [email protected]
│ │ └─┬ [email protected]
│ │ └─┬ [email protected]
│ │ ├─┬ [email protected]
│ │ │ └─┬ [email protected]
│ │ │ └── [email protected]
│ │ └─┬ [email protected]
│ │ └─┬ [email protected]
│ │ └── [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ ├─┬ [email protected]
│ │ ├─┬ [email protected]
│ │ │ └── [email protected]
│ │ └── [email protected]
│ └─┬ [email protected]
│ └── [email protected]
├─┬ [email protected]
│ ├─┬ [email protected]
│ │ └── [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └── [email protected]
I've tried npm update -g graceful-fs but this doesn't work, what is the proper way to uppgrade a package that is a dependency of a global package?
Just to be clear: I don't want to globally install the graceful-fs package; rather, I want to upgrade the installation of graceful-fs that is used by the pouchdb-server package.
You cannot fix this yourself, you need to ask the package maintainer(s) to upgrade their dependencies.
The best you can do is to run
npm update -g(a.k.a.npm upgrade -g) to ensure that all (global, in this case) packages are upgraded to the latest version of their dependencies as allowed by their dependency specs. in their respectivepackage.jsonfiles.Beyond that, upgrading to higher version numbers among the dependencies cannot be done, unless the package(s) in question are themselves modified to depend (allow depending) on more recent versions of their dependent packages.
Package designers specify a permissible range of version numbers among dependent packages, and going outside that range is usually not safe due to the rules of semver (semantic versioning).
Unfortunately, that means that packages that haven't had their dependencies updated in a long time run the risk of being obsoleted by changes in Node.js/npm.
Looking at your specific case:
pouchdb-serverhas a dependency on"couchdb-harness": "*", which specifies that that anycouchdb-harnessversion satisfies the dependency (which is unusually permissive, possibly at the expense of robustness).couchdb-harnessis the problem, however: it depends on"glob": "~3.1.21", which means that it won't install and work withglobpackage versions higher than3.1.x- see npm's docs on semver version specifications.(The latest
glob3.xpackage itself depends on"minimatch": "~0.2.11", which explains the other warning, which, however, will go away ifcouchdb-harnessupdates its dependencies to the latestglobversion.)