NPM just hangs and hogs network connections
Why is npm hanging when I run npm install
?
And why isn’t my internet working???
Here’s the fix.
For context, I use a MacBook running Yosemite and use the standard Bash shell.
So, one fine day when I wanted to work on submitting a pull request on Github, I did the standard git clone, and npm install, and went to browse a post on Hackernews. I managed to get through the article and then Safari froze. I tried Chrome, but to no avail. It looked like my internet wasn’t working. Ok. This has happened occassionally. I turned WiFi off and on.
Still didn’t work.
Then I realized that my npm process was still running! I stopped it, and my internet was back to normal. I reran npm, and voila, same issue. I ran du -hcs node_modules, and absent mindedly noted that the size of the npm modules was 55M.
So I stopped the npm process, and rm -rf node_modules folder, did npm cache clean, and tried again. Nope. Still didn’t work.
I had to use internet’s favourite search engine to get to the bottom of this. Some resources pointed to running npm install -ddd, which sounds funny, but I tried it. This time I got a large log statement about all the packages installed. I tried running grunt test to see all the tests pass, but I got an error about not being able to find a module. I gutted the node_modules folder again, and followed the above steps. Interestingly now, I got a different error log when I ran grunt test. This involved grunt not being able to find dependencies.
It seemed like I had made some more headway into the process though. But, confusingly enough, the node_modules folder size was now only 21M.
So, I did some more sleuthing in the output log of npm install -ddd, and realized that the process froze at multiple calls fetching the same resource:
addRemoteTarball [ ‘https://registry.npmjs.org/request/-/request-2.72.0.tgz‘
This was quite curious indeed.
Eventually, I stumbled upon the issue in Github detailing this error, and I am happy to report that it worked for me. It might not be the ideal, elegant solution, but it let me carry on with my work… Here’s the fix:
npm config set registry http://registry.npmjs.org
It turns out that the npm config variable was set to use a https
server for registry rather than http
. This makes sense, as https
is the secure version of http
. However, it also introduced an error with my project’s dependencies. This introduces a vulnerability where a malicious player could inject code into a dependency that I was pulling from. This would mean that they would have to control registry.npmjs.org in order to serve me the malicious link. So, I took a risk and made an exception after validating the dependencies I had. So, use this fix at your own risk.
I reset it to https
after I was done, to ensure future security, but I will be saving this incident in my memory if ever I bump into this type of freaky issue with npm :)
Hope that helped!
Signing off,
Pranav