fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Npm Dependency is Breaking Some React Apps Today — here’s the Fix

Npm Dependency is Breaking Some React Apps Today — here’s the Fix

Tons of users are reporting their Facebook Create React App builds are failing since yesterday.

The cause has been traced down to a dependency used by create-react-app, the latest version of which is breaking developers’ apps.

While a stable solution is yet to be identified, here’s a simple workaround developers can adopt.

create-react-app builds failing worldwide

Create React App is an open source project produced by Facebook (Meta) and made available on both GitHub and npm to help developers build single-page React applications fast.

The GitHub project is used by over 5.4 million repositories, whereas the npm version receives around 200,000 weekly downloads on average.

The tool offers a modern build setup while requiring no complex configuration—developers can therefore build a React app with just a few simple commands.

That explains why so many developers would rely on create-react-app and are experiencing build failure issues since yesterday.

Software engineer John Athanasiou and front-end developer Ronald Groot Jebbink have been joined by many GitHub users who reported problems building their create-react-app builds into today.    

Also Read: How does Do Not Call (DNC Registry) Affect Marketing 2020

Users report their create-react-app builds failing
Users report their create-react-app builds failing (GitHub)

Dependency hell strikes again

The straightforward error message “TypeError: MiniCssExtractPlugin is not a constructor,” gives it away.

The problem has been traced down to one of the dependencies, called mini-css-extract-plugin, used by create-react-app.

Mini CSS Extract Plugin is yet another popular project with over 4.6 million GitHub repos relying on it.

With over 7,000 npm projects depending on Mini CSS Extract Plugin, the project receives 10 million weekly downloads on average on the npm registry.

Mini CSS Extract Plugin came to life in 2018, around the same time as Extract Text Webpack Plugin was deprecated by its author.

This project extracts CSS into separate files, generating a CSS file per JS file that contains CSS.

The latest version of Mini CSS Extract Plugin, 2.5.0 was published less than a day ago and appears to be the culprit. It is since the publication of this particular version that create-react-app project builds began to fail.

Interestingly, as seen by BleepingComputer, the changelog for version 2.5.0 has the maintainer noting a new feature addition, “types” having been made: 

mini css extract plugin 2.5.0 commit
Version 2.5.0 of Mini CSS Extract Plugin comes with “added types” (GitHub)

And we wonder if the particular commit is what’s impacting create-react-app instances to break.

bug report filed for the Mini CSS Extract Plugin’s maintainers to look at goes over some possible causes. 

Also Read: Free Privacy Policy Compliance Review

Until a concrete fix is identified by Facebook’s open source team, devs have noted success by downgrading their version of the mini-css-extract-plugin to 2.4.5:

This can be done by updating your JavaScript app’s package.json file to include the following lines,  thereby pinning the dependency’s version to 2.4.5, as proposed by developer Alexandru Pavaloi:

"resolutions": {
    "mini-css-extract-plugin": "2.4.5"
},

Those who are not using yarn, and for whom the above workaround fails can try running the following command, as suggested by front-end developer Oscar Busk:

npm i -D --save-exact [email protected]

“I tried everything ‘resolutions’ as well as ‘overrides’ but none of these worked until I tried the one above!” writes a user.

Note, Facebook’s Create React App may not be the only prominent application to be impacted by the new dependency version.

Npm project @wordpress/scripts is also reportedly breaking.

Also Read: The Importance of Penetration Testing for Businesses

Developers of Auth0’s SDK for single-page applications are temporarily locking in the dependency version to ‘2.4.5’ to be safe.

Although not malicious in nature, this incident follows last week’s news of popular ‘colors’ and ‘faker’ npm dependencies breaking thousands of software projects after their developer had corrupted them.

BleepingComputer has reached out to Facebook (Meta) to better understand the cause of the issue. In the meantime, we hope the above workarounds will save your React builds.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us