Issues npm installing 2.3.0-rc.3: shouldn't truffle be an npm dependency (not devDependency)?

Hello,

I’m trying out the 2.3.0-rc.3 release candidate so that I can create a contract that is the recipient of ERC-777 tokens. I noticed that when I include this version in my package.json file, I encounter the following error when running npm install. It looks like the bin/compile.sh that was recently added is using truffle from the command-line. If open-zeppelin uses truffle shouldn’t it have truffle in the dependencies of its package.json instead of devDependencies, as devDependencies are not included in the npm module. Otherwise, consider using peerDependencies so you can signal to people that this package requires having a truffle dependency.

$ npm install

> openzeppelin-solidity@2.3.0-rc.3 prepack /Users/hassan/.npm/_cacache/tmp/git-clone-7a8cbaa8
> npm run build


> openzeppelin-solidity@2.3.0-rc.3 build /Users/hassan/.npm/_cacache/tmp/git-clone-7a8cbaa8
> scripts/build.sh


> openzeppelin-solidity@2.3.0-rc.3 compile /Users/hassan/.npm/_cacache/tmp/git-clone-7a8cbaa8
> truffle compile

sh: truffle: command not found
npm ERR! file sh
npm ERR! code ELIFECYCLE
npm ERR! errno ENOENT
npm ERR! syscall spawn
npm ERR! openzeppelin-solidity@2.3.0-rc.3 compile: `truffle compile`
npm ERR! spawn ENOENT
npm ERR!
npm ERR! Failed at the openzeppelin-solidity@2.3.0-rc.3 compile script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm WARN Local package.json exists, but node_modules missing, did you mean to install?

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/hassan/.npm/_logs/2019-05-21T15_43_08_687Z-debug.log
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! openzeppelin-solidity@2.3.0-rc.3 build: `scripts/build.sh`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the openzeppelin-solidity@2.3.0-rc.3 build script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm WARN Local package.json exists, but node_modules missing, did you mean to install?

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/hassan/.npm/_logs/2019-05-21T15_43_08_717Z-debug.log
npm ERR! premature close

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/hassan/.npm/_logs/2019-05-21T15_43_09_228Z-debug.log
1 Like

I wonder if maybe the issue is that the scripts used by the maintainers of openzeppelin-solidity are being inadvertently executed by people wishing to consume the npm module? I guess I don’t understand what needs to be compiled in the openzeppelin-solidity module as part of npm install if all I want to do is to import contracts from openzeppelin-solidity within my own project.

1 Like

Welcome @habdelra! Thanks for reaching out about this.

This definitely shouldn’t be happening. Can you share your package.json please?

1 Like

Sure,

here ya go:

{
  "name": "card-protocol",
  "version": "0.0.1",
  "description": "",
  "main": "index.js",
  "scripts": {
    "build": "rm -rf build && npm run build:zos",
    "build:zos": "zos add RewardPool && zos add ReservePool",
    "test": "npm run lint && npm run-script build && truffle test --network=development",
    "lint": "npm run lint:mocha && npm run lint:sol && npm run lint:js",
    "lint:sol": "solhint 'contracts/**/*.sol' 'test/**/*.sol'",
    "lint:js": "eslint . --cache --ignore-path .gitignore --ext=js",
    "lint:mocha": "if [ -z \"`grep -r 'it.only(' ./test`\" ] && [ -z \"`grep -r 'describe.only(' ./test`\" ]; then exit 0; else echo '\"it.only\" or \"describe.only\" appears in the mocha tests! You are not testing everything.' && exit 1; fi",
    "oraclize": "npx ethereum-bridge -a 9 -H 127.0.0.1 -p 9545 --dev"
  },
  "repository": {
    "type": "git",
    "url": "git+https://github.com/cardstack/card-protocol.git"
  },
  "author": "Hassan Abdel-Rahman",
  "license": "ISC",
  "bugs": {
    "url": "https://github.com/cardstack/card-protocol/issues"
  },
  "homepage": "https://github.com/cardstack/card-protocol#readme",
  "devDependencies": {
    "chai": "^4.2.0",
    "chai-as-promised": "^7.1.1",
    "eslint": "^5.16.0",
    "ethereum-bridge": "^0.6.2",
    "ganache-cli": "^6.4.3",
    "openzeppelin-eth": "^2.1.3",
    "openzeppelin-solidity": "OpenZeppelin/openzeppelin-solidity#v2.3.0-rc.3",
    "scrypt": "^6.0.3",
    "solc": "0.5.8",
    "solhint": "habdelra/solhint#df0ea90c5a2f2a721162c2808701fce8530dc983",
    "truffle": "^5.0.14",
    "web3": "1.0.0-beta.36",
    "zos": "^2.2.3",
    "zos-lib": "^2.2.3"
  }
}
1 Like

Having Truffle as a dev dependency is the correct thing for us. This isn’t working for you due to https://github.com/npm/npm/issues/19564. It should be fixed by https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1755. I’ll try to get it merged soon.

In the meantime, please install the release candidate from npm, it will not cause this error as the package is already built.

You should run npm install openzeppelin-solidity@next or change your dependency to the following.

    "openzeppelin-solidity": "v2.3.0-rc.3",
2 Likes

@habdelra We’d love to know a bit about yourself and what you’re working on in Introduce yourself here! :slight_smile:

2 Likes