My package.json says express, but it says cannot find module.
There can be a few different reasons for that - can you show us your package.json or give us your project name so we can take a look?
pnpm install in the console on a remix of your project and it showed that you’ve got what might be a cached dependency that’s trying to install event-stream v.3.3.6, which has been removed. If you take a look at Endless installation followed by every module getting nuked you can see where we’ve removed the dependencies and re-added them and that’s cleared up the issue.
We’ve had a number of people run into this, so I’m going to do some more digging to see if there’s something we can do to proactively resolve this.
What do you mean cached dependency? And if one of my modules is trying to install the bitcoin stealer, can’t I just delete it?
My supposition (and it’s only that, so far) is that somewhere in your dependency tree you’re being delivered an older version of a package that somewhere in its dependencies is relying on that since-removed version of event-stream. Removing all your dependencies and re-adding them seems to trigger a completely fresh install that gets rid of that pinned event-stream version. If you can figure out what’s relying on that package feel free to remove it; I haven’t been able to find it yet.
I was able to figure things out a little more clearly. In your case you’ve got a devDependency on nodemon ~1.8.5, and in your shrinkwrap.yaml file that points at email@example.com. If you delete shrinkwrap.yaml and run
enable-pnpm from your project’s console it will update your project to clean versions of all of your packages (particularly firstname.lastname@example.org which removes the dependency on email@example.com which was trying to pull in the bad version of event-stream - it’s turtles all the way down)
Can i run
enable-npm instead? I still don’t trust pnpm. Also, I don’t see any files called shrinkwrap.yaml. How do I edit it?
You’ll have to use the console.
enable-npm should also work; what’s your rationale for not trusting pnpm?
Uhhhh. No reason. They just seem suspicious. I’ve never heard of them until a week ago. But still, where is this ‘shrinkwrap.yaml’
Ah. pnpm has been around for a while, actually, and is partly targeted at resolving the package duplication problem that plagues npm usage, which is why it’s so appealing for Glitch (both as a platform and from the creator standpoint). It’s also noticeably faster than npm.
shrinkwrap.yaml is hidden from the editor, so you need to use the console to work with it. Also if your project’s npm-only then I think the corresponding file is shrinkwrap.json. I haven’t seen this particular problem on an npm-only project, but that’s probably because I don’t see many of those.
I don’t know how to use console.
This little screencast shows the essence of what you need
The Status button now says Logs (I haven’t gotten around to updating this gif with the new UI yet) but aside from that it probably shows what you need.