c'mon, npm/Ghost. What the butt?

So I am doing a standard Ghost CLI update, and it's the usual command:

sudo npm i -g ghost-cli@latest

But,

It keeps saying that XXX packages are installed, XXX packages have NOT been updated, and that there are 6 errors - 5 moderate and 1 critical. And so I run the recommended command to FIX this issue with:

npm audit fix --force

But then I am hit with these errors:

npm WARN using --force Recommended protections disabled.
npm ERR! code ENOLOCK
npm ERR! audit This command requires an existing lockfile.
npm ERR! audit Try creating one first with: npm i --package-lock-only
npm ERR! audit Original error: loadVirtual requires existing shrinkwrap file

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2022-09-02T00_54_23_933Z-debug-0.log
root@www:~# npm i --package-lock-only
npm ERR! code ENOENT
npm ERR! syscall open
npm ERR! path /root/package.json
npm ERR! errno -2
npm ERR! enoent ENOENT: no such file or directory, open '/root/package.json'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent 

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2022-09-02T00_56_16_143Z-debug-0.log

I think I fixed it with the npm i --package-lock-only command, as after I fussed around some more, I was able to run npm package audit and see I have 0 vulnerabilities.

So then I run the original command, again:

sudo npm i -g ghost-cli@latest

And though the npm audit shows there are 0 vulnerabilities, it still says there are 6 errors altogether - 5 moderate, 1 critical.

So I am doing what it "recommended", and I see no direct vulnerabilties on/with npm, at least from what the audit tells me, so, I kind of don't know what to do with this (the 6 errors). It mentioned that 41 packages (or whatever it was) are needing "funding", and to run npm fund and that just got me back to the CLI prompt.

So...yea. Not sure what the hell.

If anyone has seen something like this, and are on Linux (I am SSH'ing into my VPS from a Mac and to Ubuntu), by all means, leave a comment and I will look into what is suggested :)

All the best, all!

Subscribe to from the desk of TMO

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe