Breach of backwards compatibility in popular NPM package causes crashes in various projects

The NPM repository is seeing another mass breakage of projects caused by a new version of a popular dependency. The source of the problem is release 2.5.0 of the mini-css-extract-plugin package, which extracts CSS into separate files. The package has more than 10 million weekly downloads and is used as a direct dependency by more than 7 projects.

The new version changed how the library is imported in a way that broke backward compatibility. The previously valid construction "const MiniCssExtractPlugin = require('mini-css-extract-plugin')", which is described in the documentation, now leads to an error; after switching to the new version it has to be replaced with "const MiniCssExtractPlugin = require("mini-css-extract-plugin").default".

The problem showed up in projects that do not pin an explicit version number when declaring dependencies. As a workaround, it is recommended to pin the previous version 2.4.5 by adding '"overrides": {"mini-css-extract-plugin": "2.4.5"}' in Yarn or by running the command "npm i -D --save-exact mini-css-extract-plugin@2.4.5" in NPM.
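The sketch below is an added example, not code from the article or from the mini-css-extract-plugin project. It covers the two points above: checking whether a declared dependency range lets an install drift onto 2.5.0, and loading the plugin in a way that tolerates both export shapes. SAMPLE_PKG, admits, floatingOnto and resolveCtor are hypothetical names, and the range matcher handles only exact, ^ and ~ specs.

```javascript
// Added example; SAMPLE_PKG is constructed and "example-lib" is a placeholder name.
const BROKEN = '2.5.0'; // the release named in the article
const SAMPLE_PKG = {
  dependencies: { 'example-lib': '1.0.0' },
  devDependencies: { 'mini-css-extract-plugin': '^2.4.5' },
};

const parse = (v) => v.split('.').map(Number);

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// True if a dependency spec lets an install without a lockfile resolve to `version`.
// Handles only exact, ^x.y.z and ~x.y.z; anything else is reported as floating.
function admits(spec, version) {
  const m = /^([\^~]?)(\d+\.\d+\.\d+)$/.exec(spec.trim());
  if (!m) return true; // "*", "latest", "2.x", ">=2": conservatively floating
  const base = parse(m[2]);
  const v = parse(version);
  if (m[1] === '') return cmp(v, base) === 0;        // exact pin
  if (cmp(v, base) < 0) return false;                // below the range floor
  if (m[1] === '~') return v[0] === base[0] && v[1] === base[1];
  if (base[0] > 0) return v[0] === base[0];          // ^2.4.5 allows < 3.0.0
  if (base[1] > 0) return v[0] === 0 && v[1] === base[1]; // ^0.4.5 allows < 0.5.0
  return cmp(v, base) === 0;                         // ^0.0.5 allows only 0.0.5
}

// Lists the package.json entries for `name` that would accept `version`.
function floatingOnto(pkg, name, version) {
  const hits = [];
  for (const field of ['dependencies', 'devDependencies']) {
    const spec = (pkg[field] || {})[name];
    if (spec !== undefined && admits(spec, version)) hits.push(`${field}: ${spec}`);
  }
  return hits;
}

// Accepts both shapes: the class itself, or an object carrying it under .default.
function resolveCtor(mod) {
  const ctor = typeof mod === 'function' ? mod : mod && mod.default;
  if (typeof ctor !== 'function') throw new TypeError('export is not a constructor');
  return ctor;
}

console.log(floatingOnto(SAMPLE_PKG, 'mini-css-extract-plugin', BROKEN));
```

In a build config the helper would wrap the import, for example resolveCtor(require('mini-css-extract-plugin')), so the same file loads under either version.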

Among those affected were users of the create-react-app package developed by Facebook, which includes mini-css-extract-plugin as a dependency. Because the mini-css-extract-plugin version number was not pinned, attempts to run create-react-app ended with the error "TypeError: MiniCssExtractPlugin is not a constructor". The problem also affected the packages @wordpress/scripts, @auth0/auth0-spa-js, sql-formatter-gui, LedgerSMB, vip-go-mu-plugins, cybros, vue-cli, chore, etc.

Source: opennet.ru
