Updating node-red v2.2.3

Hello,

Is node-red v2.2.3 the latest version for Dietpi? As I’ve been advised to upgrade to v3.0 to install a node (small timer).
I’ve run dietpi-software reinstall 122 but after the services restart I still see v2.2.3

Thanks
Ian

We don’t install any specific version, and DietPi has no version of its own. We use Node.js to install Node-Red:

sudo -u nodered npm i --no-audit node-red

Can you share some more system details?

Required

  • DietPi version | cat /boot/dietpi/.version
  • Distro version | echo $G_DISTRO_NAME $G_RASPBIAN
  • Kernel version | uname -a
  • Architecture | dpkg --print-architecture
  • SBC model | echo $G_HW_MODEL_NAME or (EG: RPi3)

On my RPi4 test system, Node-red version 3.0.2 has been installed successfully.

I just tried

sudo -u nodered npm i --no-audit node-red

And got this permission error, I always run as root,

npm ERR! code EACCES
npm ERR! syscall mkdir
npm ERR! path /root/node_modules/node-red
npm ERR! errno -13
npm ERR! Error: EACCES: permission denied, mkdir '/root/node_modules/node-red'
npm ERR!  [Error: EACCES: permission denied, mkdir '/root/node_modules/node-red'] {
npm ERR!   errno: -13,
npm ERR!   code: 'EACCES',
npm ERR!   syscall: 'mkdir',
npm ERR!   path: '/root/node_modules/node-red'
npm ERR! }
npm ERR! 
npm ERR! The operation was rejected by your operating system.
npm ERR! It is likely you do not have the permissions to access this file as the current user
npm ERR! 
npm ERR! If you believe this might be a permissions issue, please double-check the
npm ERR! permissions of the file and its containing directories, or try running
npm ERR! the command again as root/Administrator.

npm ERR! A complete log of this run can be found in: /mnt/dietpi_userdata/node-red/.npm/_logs/2023-06-25T17_41_06_988Z-debug-0.log

DietPi version | G_DIETPI_VERSION_CORE=8 G_DIETPI_VERSION_SUB=18 G_DIETPI_VERSION_RC=2 G_GITBRANCH='master' G_GITOWNER='MichaIng' G_LIVE_PATCH_STATUS[0]='not applicable'

Distro version | bullseye 0

Kernel version | Linux DietPi 6.1.21-v7+ #1642 SMP Mon Apr 3 17:20:52 BST 2023 armv7l GNU/Linux

Architecture | armhf

SBC model | RPi 3 Model B (armv7l)

You need to change into the Node-Red directory first :wink:

cd /mnt/dietpi_userdata/node-red
sudo -u nodered npm i --no-audit node-red

Oops embarrassing, now it ran with the result up to date in 8s

Still on v2.2.3 though :neutral_face:

Maybe a limitation on 32bit. Would need to check on a test system

:metal:

I thought I was running on 64Bit, is it reasonably straightforward to upgrade to 64Bit?

A direct upgrade to 64bit is not possible. This would require a new installation.

Ok I’ll set it up on a second RPi, can I also run the system from an external SSD?

Depends on the RPi model, but usually it should be possible.

Just did a test on a RPi3B+ 32bit and got Node-Red 3.0.2 installed. Means it’s not architecture related, but there seems to be something special about your installation :thinking:

Hmm strange, I haven’t installed any software outside of DietPi software.
Is there a system check/logs command I could use to try and see why?

Can you try the following:

cd /mnt/dietpi_userdata/node-red
sudo -u nodered npm update node-red

BTW: how is the new installation on 64bit going?

I tried

cd /mnt/dietpi_userdata/node-red
sudo -u nodered npm update node-red

But I’m afraid it’s still on v2.2.3

Just did a basic 64bit install with only node red and it’s v3.0.2

I tried it again and saw an “audit” error, so I ran npm audit fix and then npm audit fix --force, which ended in errors.

Here’s the whole log, it’s quite long!

root@DietPi:~# cd /mnt/dietpi_userdata/node-red
root@DietPi:/mnt/dietpi_userdata/node-red# sudo -u nodered npm update node-red

up to date, audited 649 packages in 23s

45 packages are looking for funding
  run `npm fund` for details

42 vulnerabilities (1 low, 19 moderate, 21 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.
root@DietPi:/mnt/dietpi_userdata/node-red# npm audit fix

added 1 package, changed 37 packages, and audited 650 packages in 28s

45 packages are looking for funding
  run `npm fund` for details

# npm audit report

dicer  *
Severity: high
Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2
fix available via `npm audit fix --force`
Will install node-red@0.10.2, which is a breaking change
node_modules/dicer
  busboy  <=0.3.1
  Depends on vulnerable versions of dicer
  node_modules/busboy
    multer  <=2.0.0-rc.3
    Depends on vulnerable versions of busboy
    node_modules/multer
      @node-red/editor-api  <=3.0.2
      Depends on vulnerable versions of @node-red/util
      Depends on vulnerable versions of body-parser
      Depends on vulnerable versions of express
      Depends on vulnerable versions of multer
      Depends on vulnerable versions of passport
      node_modules/@node-red/editor-api
        node-red  >=0.11.0
        Depends on vulnerable versions of @node-red/editor-api
        Depends on vulnerable versions of @node-red/nodes
        Depends on vulnerable versions of @node-red/runtime
        Depends on vulnerable versions of @node-red/util
        Depends on vulnerable versions of express
        Depends on vulnerable versions of semver
        node_modules/node-red
      @node-red/nodes  <=3.1.0-beta.2
      Depends on vulnerable versions of body-parser
      Depends on vulnerable versions of got
      Depends on vulnerable versions of multer
      Depends on vulnerable versions of xml2js
      node_modules/@node-red/nodes

follow-redirects  <=1.14.7
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
fix available via `npm audit fix --force`
Will install ttb-ifttt@0.0.1, which is a breaking change
node_modules/ttb-ifttt/node_modules/follow-redirects
  ttb-ifttt  >=0.1.0
  Depends on vulnerable versions of follow-redirects
  node_modules/ttb-ifttt

glob-parent  <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
No fix available
node_modules/glob-stream/node_modules/glob-parent
  glob-stream  5.3.0 - 6.1.0
  Depends on vulnerable versions of glob-parent
  node_modules/glob-stream
    help-me  1.0.0 - 1.1.0
    Depends on vulnerable versions of glob-stream
    node_modules/@arduino/node-red-contrib-arduino-iot-cloud/node_modules/help-me
      mqtt  1.14.1 - 4.2.6
      Depends on vulnerable versions of help-me
      node_modules/@arduino/node-red-contrib-arduino-iot-cloud/node_modules/mqtt
        @arduino/node-red-contrib-arduino-iot-cloud  *
        Depends on vulnerable versions of mqtt
        node_modules/@arduino/node-red-contrib-arduino-iot-cloud

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install node-red@0.10.2, which is a breaking change
node_modules/got

moment-timezone  0.1.0 - 0.5.34
Severity: moderate
Command Injection in moment-timezone - https://github.com/advisories/GHSA-56x4-j7p9-fcf9
Cleartext Transmission of Sensitive Information in moment-timezone - https://github.com/advisories/GHSA-v78c-4p63-2j6c
fix available via `npm audit fix --force`
Will install node-red@0.10.2, which is a breaking change
node_modules/moment-timezone
  @node-red/util  1.2.4 - 3.0.2
  Depends on vulnerable versions of moment-timezone
  node_modules/@node-red/util
    @node-red/registry  *
    Depends on vulnerable versions of @node-red/util
    Depends on vulnerable versions of semver
    node_modules/@node-red/registry
      @node-red/runtime  *
      Depends on vulnerable versions of @node-red/registry
      Depends on vulnerable versions of @node-red/util
      Depends on vulnerable versions of express
      node_modules/@node-red/runtime

passport  <0.6.0
Severity: moderate
Passport before 0.6.0 vulnerable to session regeneration when a users logs in or out - https://github.com/advisories/GHSA-v923-w3x8-wh69
fix available via `npm audit fix --force`
Will install node-red@0.10.2, which is a breaking change
node_modules/passport

qs  6.9.0 - 6.9.6
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix --force`
Will install node-red@0.10.2, which is a breaking change
node_modules/qs
  body-parser  1.19.1 || 2.0.0-beta.1
  Depends on vulnerable versions of qs
  node_modules/body-parser
  express  4.17.2 || >=5.0.0-alpha.1
  Depends on vulnerable versions of body-parser
  Depends on vulnerable versions of qs
  node_modules/express

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
No fix available
node_modules/request
  lint  0.6.0 - 0.8.19
  Depends on vulnerable versions of request
  Depends on vulnerable versions of simple-git
  node_modules/lint
    node-red-contrib-wled3  *
    Depends on vulnerable versions of lint
    node_modules/node-red-contrib-wled3
  node-red-contrib-blynk-api  >=0.0.8
  Depends on vulnerable versions of request
  node_modules/node-red-contrib-blynk-api
  node-red-contrib-whatsapp-cmb  *
  Depends on vulnerable versions of request
  node_modules/node-red-contrib-whatsapp-cmb
  node-red-node-openweathermap  >=0.1.20
  Depends on vulnerable versions of request
  node_modules/node-red-node-openweathermap

semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install node-red@0.10.2, which is a breaking change
node_modules/@babel/cli/node_modules/semver
node_modules/@babel/core/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/semver
  @babel/core  *
  Depends on vulnerable versions of @babel/helper-compilation-targets
  Depends on vulnerable versions of semver
  node_modules/@babel/core
    @babel/helper-compilation-targets  *
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of semver
    node_modules/@babel/helper-compilation-targets
  make-dir  2.0.0 - 3.1.0
  Depends on vulnerable versions of semver
  node_modules/@babel/cli/node_modules/make-dir
  node_modules/make-dir
    @babel/cli  >=7.7.0
    Depends on vulnerable versions of make-dir
    node_modules/@babel/cli
    @mapbox/node-pre-gyp  >=1.0.1
    Depends on vulnerable versions of make-dir
    node_modules/@mapbox/node-pre-gyp

simple-git  <=3.15.1
Severity: critical
Command injection in simple-git - https://github.com/advisories/GHSA-3f95-r44v-8mrg
Command injection in simple-git - https://github.com/advisories/GHSA-28xr-mwxg-3qc8
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol - https://github.com/advisories/GHSA-9p95-fxvg-qgq2
Remote code execution in simple-git - https://github.com/advisories/GHSA-9w5j-4mwv-2wj8
No fix available
node_modules/simple-git

xml2js  <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix --force`
Will install node-red@0.10.2, which is a breaking change
node_modules/xml2js

36 vulnerabilities (1 low, 16 moderate, 18 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.
root@DietPi:/mnt/dietpi_userdata/node-red# npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating node-red to 0.10.2, which is a SemVer major change.
npm WARN audit Updating ttb-ifttt to 0.0.1, which is a SemVer major change.
npm WARN audit Updating node-red-contrib-blynk-api to 0.0.7, which is a SemVer major change.
npm WARN audit Updating node-red-node-openweathermap to 0.1.19, which is a SemVer major change.
npm WARN audit No fix available for node-red-contrib-whatsapp-cmb@*
npm WARN audit No fix available for node-red-contrib-wled3@*
npm WARN audit No fix available for @arduino/node-red-contrib-arduino-iot-cloud@*
npm WARN deprecated serialport@1.4.10: This version is no longer supported, to receive security updates and bug fixes upgrade to the latest version.
npm WARN deprecated natives@1.1.6: This module relies on Node.js's internals and will break at some point. Do not use it, and update to graceful-fs@4.x.
npm WARN deprecated native-or-bluebird@1.1.2: 'native-or-bluebird' is deprecated. Please use 'any-promise' instead.
npm WARN deprecated cryptiles@0.2.2: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated sntp@0.2.4: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated scmp@1.0.0: scmp v2 uses improved core crypto comparison since Node v6.6.0
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
npm WARN deprecated buildmail@1.3.0: This project is unmaintained
npm WARN deprecated boom@0.4.2: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated hawk@1.1.1: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated hoek@0.9.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated CSSwhat@0.4.7: the module is now available as 'css-what'
npm WARN deprecated nodemailer@1.3.0: All versions below 4.0.1 of Nodemailer are deprecated. See https://nodemailer.com/status/
npm WARN deprecated mkdirp@0.5.0: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated request@2.42.0: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated mkdirp@0.5.0: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated CSSselect@0.4.1: the module is now available as 'css-select'
npm WARN deprecated connect@2.26.1: connect 2.x series is deprecated
npm ERR! code 1
npm ERR! path /mnt/Crucial_120GB/dietpi_userdata/node-red/node_modules/serialport
npm ERR! command failed
npm ERR! command sh -c node-pre-gyp install --fallback-to-build
npm ERR! Failed to execute '/usr/local/bin/node rebuild --name=serialport --configuration=Release --module_name=serialport --version=1.4.10 --major=1 --minor=4 --patch=10 --runtime=node --node_abi=node-v115 --platform=linux --target_platform=linux --arch=arm --target_arch=arm --module_main=./serialport --host=https://node-serialport.s3.amazonaws.com/ --module_path=/mnt/Crucial_120GB/dietpi_userdata/node-red/node_modules/serialport/build/serialport/v1.4.10/Release/node-v115-linux-arm --remote_path=./serialport/v1.4.10/Release/ --package_name=node-v115-linux-arm.tar.gz --staged_tarball=build/stage/serialport/v1.4.10/Release/node-v115-linux-arm.tar.gz --hosted_path=https://node-serialport.s3.amazonaws.com/serialport/v1.4.10/Release/ --hosted_tarball=https://node-serialport.s3.amazonaws.com/serialport/v1.4.10/Release/node-v115-linux-arm.tar.gz' (1)
npm ERR! node-pre-gyp info it worked if it ends with ok
npm ERR! node-pre-gyp info using node-pre-gyp@0.5.19
npm ERR! node-pre-gyp info using node@20.3.1 | linux | arm
npm ERR! (node:2434) Warning: Accessing non-existent property 'Reader' of module exports inside circular dependency
npm ERR! (Use `node --trace-warnings ...` to show where the warning was created)
npm ERR! (node:2434) Warning: Accessing non-existent property 'Reader' of module exports inside circular dependency
npm ERR! node-pre-gyp info check checked for "/mnt/Crucial_120GB/dietpi_userdata/node-red/node_modules/serialport/build/serialport/v1.4.10/Release/node-v115-linux-arm/serialport.node" (not found)
npm ERR! node-pre-gyp http GET https://node-serialport.s3.amazonaws.com/serialport/v1.4.10/Release/node-v115-linux-arm.tar.gz
npm ERR! node-pre-gyp http 403 https://node-serialport.s3.amazonaws.com/serialport/v1.4.10/Release/node-v115-linux-arm.tar.gz
npm ERR! node-pre-gyp http 403 status code downloading tarball (falling back to source compile with node-gyp) 
npm ERR! node-pre-gyp http Connection closed while downloading tarball file (falling back to source compile with node-gyp) 
npm ERR! node-pre-gyp ERR! build error 
npm ERR! node-pre-gyp ERR! stack Error: Failed to execute '/usr/local/bin/node rebuild --name=serialport --configuration=Release --module_name=serialport --version=1.4.10 --major=1 --minor=4 --patch=10 --runtime=node --node_abi=node-v115 --platform=linux --target_platform=linux --arch=arm --target_arch=arm --module_main=./serialport --host=https://node-serialport.s3.amazonaws.com/ --module_path=/mnt/Crucial_120GB/dietpi_userdata/node-red/node_modules/serialport/build/serialport/v1.4.10/Release/node-v115-linux-arm --remote_path=./serialport/v1.4.10/Release/ --package_name=node-v115-linux-arm.tar.gz --staged_tarball=build/stage/serialport/v1.4.10/Release/node-v115-linux-arm.tar.gz --hosted_path=https://node-serialport.s3.amazonaws.com/serialport/v1.4.10/Release/ --hosted_tarball=https://node-serialport.s3.amazonaws.com/serialport/v1.4.10/Release/node-v115-linux-arm.tar.gz' (1)
npm ERR! node-pre-gyp ERR! stack     at ChildProcess.<anonymous> (/mnt/Crucial_120GB/dietpi_userdata/node-red/node_modules/serialport/node_modules/node-pre-gyp/lib/util/compile.js:76:29)
npm ERR! node-pre-gyp ERR! stack     at ChildProcess.emit (node:events:511:28)
npm ERR! node-pre-gyp ERR! stack     at maybeClose (node:internal/child_process:1098:16)
npm ERR! node-pre-gyp ERR! stack     at Socket.<anonymous> (node:internal/child_process:456:11)
npm ERR! node-pre-gyp ERR! stack     at Socket.emit (node:events:511:28)
npm ERR! node-pre-gyp ERR! stack     at Pipe.<anonymous> (node:net:334:12)
npm ERR! node-pre-gyp ERR! System Linux 6.1.21-v8+
npm ERR! node-pre-gyp ERR! command "/usr/local/bin/node" "/mnt/Crucial_120GB/dietpi_userdata/node-red/node_modules/serialport/node_modules/.bin/node-pre-gyp" "install" "--fallback-to-build"
npm ERR! node-pre-gyp ERR! cwd /mnt/Crucial_120GB/dietpi_userdata/node-red/node_modules/serialport
npm ERR! node-pre-gyp ERR! node -v v20.3.1
npm ERR! node-pre-gyp ERR! node-pre-gyp -v v0.5.19
npm ERR! node-pre-gyp ERR! not ok

npm ERR! A complete log of this run can be found in: /root/.npm/_logs/2023-07-01T19_54_50_943Z-debug-0.log
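
As an added example (not part of the original thread and not DietPi's or npm's own code): the report above has `npm audit fix --force` proposing node-red@0.10.2 on a system running v2.2.3, so a check like this sorts forced fixes into downgrades and upgrades before anything is installed. The inputs are constructed samples using the `vulnerabilities`/`fixAvailable` fields of `npm audit --json` (npm 7+) and the `dependencies` field of `npm ls --json --depth=0`; the function names, the installed ttb-ifttt version and the `example-*` entries are hypothetical.

```javascript
// Constructed sample, shaped like `npm audit --json` and reduced to the fields used.
const auditReport = {
  vulnerabilities: {
    got: { severity: "moderate",
      fixAvailable: { name: "node-red", version: "0.10.2", isSemVerMajor: true } },
    passport: { severity: "moderate",
      fixAvailable: { name: "node-red", version: "0.10.2", isSemVerMajor: true } },
    "follow-redirects": { severity: "high",
      fixAvailable: { name: "ttb-ifttt", version: "0.0.1", isSemVerMajor: true } },
    "simple-git": { severity: "critical", fixAvailable: false },
    // Hypothetical entry so the ordinary "major upgrade" branch is exercised too.
    "example-lib": { severity: "low",
      fixAvailable: { name: "example-app", version: "3.0.0", isSemVerMajor: true } },
  },
};

// Constructed sample, shaped like `npm ls --json --depth=0`.
const installedTree = {
  dependencies: {
    "node-red": { version: "2.2.3" },    // version reported in the thread
    "ttb-ifttt": { version: "0.1.0" },   // assumed installed version
    "example-app": { version: "2.0.0" }, // hypothetical
  },
};

// Reduce a version string to [major, minor, patch]; prerelease tags are ignored.
function parseVersion(v) {
  return v.split(/[-+]/)[0].split(".").map((n) => Number(n) || 0);
}

// Returns -1, 0 or 1, like a sort comparator.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Group every fix that needs --force by the package it would reinstall, and
// classify it by comparing the proposed version with the installed one.
function reviewForcedFixes(audit, tree) {
  const result = { downgrades: [], upgrades: [], unknown: [], unfixable: [] };
  const byTarget = new Map();
  for (const [name, vuln] of Object.entries(audit.vulnerabilities || {})) {
    const fix = vuln.fixAvailable;
    if (fix === false) { result.unfixable.push(name); continue; }
    if (fix === true || !fix || !fix.isSemVerMajor) continue; // no --force needed
    let entry = byTarget.get(fix.name);
    if (!entry) {
      const current = tree.dependencies?.[fix.name]?.version ?? null;
      entry = { package: fix.name, from: current, to: fix.version, resolves: [] };
      byTarget.set(fix.name, entry);
      const bucket = current === null ? "unknown"
        : compareVersions(fix.version, current) < 0 ? "downgrades" : "upgrades";
      result[bucket].push(entry);
    }
    entry.resolves.push(name);
  }
  return result;
}

console.log(JSON.stringify(reviewForcedFixes(auditReport, installedTree), null, 2));
```

Anything listed under `downgrades` replaces a maintained release with an older one to satisfy the advisory ranges, which is what pulled in the deprecated packages in the log above.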

Looks like your system is trying to update a serialport npm module. However, access to the web resource is not allowed (HTTP 403). Perhaps this is preventing the update?

Thanks,

Would you know how to allow it?

Trying to access this via browser throws a soft “access denied” as well :thinking:.

My initial idea actually was that in some circumstances, trying to update an existing local Node environment does not have the same result as doing a fresh install. Probably removing all local NPM modules and reinstalling Node-RED would get you unstuck. But additional modules would also need to be reinstalled.

Another idea may be that some globally installed modules cause dependency issues with local module updates. At some point we switched Node-RED from being installed globally to being installed locally, and NPM does not seem to always update/override global modules with local ones, even if this would allow further upgrades.

Something we or you are not able to change. Maybe the resource doesn’t exist anymore. Just looking around and it seems serialport@1.4.10 is quite an old version (from 2015 or something like that). Do you recall having installed this module?