This is not an error. Your tar is outdated. To fix this issue run this command:
npm i tar and enter ok. Now your problem of npm WARN deprecated [email protected]: This version of tar is no longer supported, and will not receive security updates. will be fixed.
» npm install tar
Videos
» npm install node-tar
This is not an error. Your tar is outdated. To fix this issue run this command:
npm i tar and enter ok. Now your problem of npm WARN deprecated [email protected]: This version of tar is no longer supported, and will not receive security updates. will be fixed.
Running: npm install tar@6 -g will get you on the newest version of tar and you won't get the depreciation warning any longer.
Currently, as of me writing this, 6.1.11 is the newest version of tar available: https://www.npmjs.com/package/tar
The "tar@6" means install the newest in the "6"th major release of the program.
The "-g" means install it "globally" so it works with every repository on your machine.
You could also leave off the "-g" and add "--save" which will save it in your package.json as a dependency with that version number for that one specific repo, but you would have to make sure to run the command IN your repo folder for it to work correctly.
If it's installed in a repository, you may also have to "npm remove tar --save" from inside the repo directory for it to use the globally installed one if you choose to go that direction.
» npm install node-tar.gz
» npm install tar-stream
» npm install tar-fs
» npm install @types/tar
The tarball directory structure is like this:
$ tar tf node-v6.10.1-linux-x64.tar.xz | head
node-v6.10.1-linux-x64/
node-v6.10.1-linux-x64/bin/
node-v6.10.1-linux-x64/bin/npm
node-v6.10.1-linux-x64/bin/node
node-v6.10.1-linux-x64/share/
node-v6.10.1-linux-x64/share/man/
node-v6.10.1-linux-x64/share/man/man1/
node-v6.10.1-linux-x64/share/man/man1/node.1
node-v6.10.1-linux-x64/share/systemtap/
node-v6.10.1-linux-x64/share/systemtap/tapset/
When you extract this archive without any other options in /usr/local, you get this:
/usr/local/node-v6.10.1-linux-x64/
/usr/local/node-v6.10.1-linux-x64/bin/
/usr/local/node-v6.10.1-linux-x64/bin/npm
/usr/local/node-v6.10.1-linux-x64/bin/node
/usr/local/node-v6.10.1-linux-x64/share/
/usr/local/node-v6.10.1-linux-x64/share/man/
/usr/local/node-v6.10.1-linux-x64/share/man/man1/
/usr/local/node-v6.10.1-linux-x64/share/man/man1/node.1
/usr/local/node-v6.10.1-linux-x64/share/systemtap/
/usr/local/node-v6.10.1-linux-x64/share/systemtap/tapset/
So, a new directory is created in /usr/local, and the files get dumped there.
However, with --strip-components=1, one directory component from the extracted path is removed, so node-v6.10.1-linux-x64/bin/ becomes bin/ and node-v6.10.1-linux-x64/bin/npm becomes bin/npm:
/usr/local/
/usr/local/bin/
/usr/local/bin/npm
/usr/local/bin/node
/usr/local/share/
/usr/local/share/man/
/usr/local/share/man/man1/
/usr/local/share/man/man1/node.1
/usr/local/share/systemtap/
/usr/local/share/systemtap/tapset/
And /usr/local/bin is already in PATH, so you don't need to do anything else to execute npm and node.
This is sort of a cool (yet annoying) way of installing NodeJS.
If you run tar tf /usr/save/node-v4.2.1-linux-x64.tar.gz on the file, you'll see something like this:
node-v4.2.1-linux-x64/
node-v4.2.1-linux-x64/bin/
node-v4.2.1-linux-x64/bin/npm
node-v4.2.1-linux-x64/bin/node
node-v4.2.1-linux-x64/share/
node-v4.2.1-linux-x64/share/man/
node-v4.2.1-linux-x64/share/man/man1/
Basically, this means that when you extract this tar archive, it'll extract to a folder called node-v4.2.1-linux-x64 with all of these subfolders (and the node installation) inside of it. In fact, you can even try this extraction to get a better idea:
mkdir /tmp/node
cd /tmp/node
tar xvf /usr/save/node-v4.2.1-linux-x64.tar.gz
If you run ls, you'll see a node-v4.2.1-linux-x64 folder.
Now, --strip-components 1 does something interesting to the extraction process. From man tar:
--strip-components=NUMBER
strip NUMBER leading components from file names on extraction
Basically, this means that when tar is going to extract your archive, it's going to pretend like the node-v4.2.1-linux-x64 folder isn't there. Instead, it's going to extract bin/, share/ and all the other folders directly.
In fact, you can try it:
mkdir /tmp/node
cd /tmp/node
tar xvf /usr/save/node-v4.2.1-linux-x64.tar.gz --strip-components=1
If you run ls, you'll see there's no longer a node-v4.2.1-linux-x64 folder. It's just bin/, include/, lib/, and share/ (all coincidentally folders in /usr/local/).
Your second command wouldn't have worked because it would have just extracted the node-v4.2.1-linux-x64 folder to /usr/local (if it even ran at all). If you run ls /usr/local, you might even see this folder hanging around. It's useless, feel free to delete with rm. As for why it's useless, keep reading...
Now that we've explained how the tar command works, we can explain how this gets installed.
Every Linux system has something called the $PATH variable, which determines where executable files are stored. Among these places is /usr/local/bin. When you extract that binary inside /usr/local (which I'm confident is what your install instructions say), the NodeJS binary is being written to /usr/local/bin/node as per how extractions are done. Similarly, all the libraries are being added to the local library folder and everything pretty much just goes where it belongs.
Now, the caveat (and why this is annoying) is that apt won't see or understand or realize what's going on. You won't be able to update it through sudo apt upgrade or similar. You'd need to manually go in and clean the old NodeJS install and then put in the new one in case you ever want to upgrade.
I would recommend you just run sudo apt install nodejs-legacy instead. Less pain, and it automatically updates for you.
Just an update on this answer, instead of node-tar, consider using tar-fs which yields a significant performance boost, as well as a neater interface.
var tarFile = 'my-other-tarball.tar';
var target = './my-other-directory';
// extracting a directory
fs.createReadStream(tarFile).pipe(tar.extract(target));
The tar-stream module is a pretty good one:
var tar = require('tar-stream')
var fs = require('fs')
var extract = tar.extract();
extract.on('entry', function(header, stream, callback) {
// make directories or files depending on the header here...
// call callback() when you're done with this entry
});
fs.createReadStream("something.tar").pipe(extract)
extract.on('finish', function() {
console.log('done!')
});
The issue is being tracked on the gitgub page
https://github.com/sass/node-sass/issues/2625
Please update the value for "tar" in your "package-lock.json" file. And to verify, run "[npm audit][1]".
"tar": {
"version": "4.4.8",
"resolved": "https://registry.npmjs.org/tar/-/tar-4.4.8.tgz",
"integrity": "value",
"dev": true,
"optional": true,
"requires": {
"block-stream": "*",
"fstream": "^1.0.2",
"inherits": "2"
}
}
You can use npm view to get the URL to the registry's tarball (in this example for the module level):
$ npm view level dist.tarball
And to download tarball, you can use npm pack:
$ npm pack level
If you need to get the tarball without having npm installed, you can fetch the package information using curl and use jq to get the right information from the JSON:
curl https://registry.npmjs.org/PACKAGE-NAME/ \
| jq '.versions[."dist-tags".latest].dist.tarball'
This is for instance useful if you're building a Docker container that requires one npm package, and don't want to install npm just for that.