Why is npm hanging when I run npm install?

And why isn’t my internet working???

Here’s the fix.

For context, I use a MacBook running Yosemite and use the standard Bash shell.

So, one fine day when I wanted to work on submitting a pull request on GitHub, I did the standard git clone, and npm install, and went to browse a post on Hacker News. I managed to get through the article and then Safari froze. I tried Chrome, but to no avail. It looked like my internet wasn’t working. Ok. This has happened occasionally. I turned WiFi off and on.

Still didn’t work.

Then I realized that my npm process was still running! I stopped it, and my internet was back to normal. I reran npm, and voila, same issue. I ran du -hcs node_modules, and absent-mindedly noted that the size of the npm modules was 55M.

So I stopped the npm process, ran rm -rf on the node_modules folder, did npm cache clean, and tried again. Nope. Still didn’t work.

I had to use the internet’s favourite search engine to get to the bottom of this. Some resources pointed to running npm install -ddd, which sounds funny, but I tried it. This time I got a large log statement about all the packages installed. I tried running grunt test to see all the tests pass, but I got an error about not being able to find a module. I gutted the node_modules folder again, and followed the above steps. Interestingly now, I got a different error log when I ran grunt test. This involved grunt not being able to find dependencies.

It seemed like I had made some more headway into the process though. But, confusingly enough, the node_modules folder size was now only 21M.

So, I did some more sleuthing in the output log of npm install -ddd, and realized that the process froze at multiple calls fetching the same resource:

addRemoteTarball [ 'https://registry.npmjs.org/request/-/request-2.72.0.tgz

This was quite curious indeed.

Eventually, I stumbled upon the issue on GitHub detailing this error, and I am happy to report that it worked for me. It might not be the ideal, elegant solution, but it let me carry on with my work… Here’s the fix:

npm config set registry http://registry.npmjs.org

It turns out that the npm registry config variable was set to use an https server rather than http. This makes sense, as https is the secure version of http. However, it also introduced an error with my project’s dependencies. Switching to http introduces a vulnerability where a malicious player could inject code into a dependency that I was pulling. This would mean that they would have to control registry.npmjs.org in order to serve me the malicious link. So, I took a risk and made an exception after validating the dependencies I had. So, use this fix at your own risk.

I reset it to https after I was done, to ensure future security, but I will be saving this incident in my memory if ever I bump into this type of freaky issue with npm :)

Hope that helped!

Signing off,
Pranav