I’m currently facing the issue npm ERR! code EBADENGINE in my STRAPI-project if I want to git push heroku main --f to my heroku-app.

I get this error-message:

Enumerating objects: 123, done.
Counting objects: 100% (123/123), done.
Delta compression using up to 8 threads
Compressing objects: 100% (82/82), done.
Writing objects: 100% (123/123), 178.16 KiB | 6.14 MiB/s, done.
Total 123 (delta 35), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (35/35), done.
remote: Updated 55 paths from d169ead
remote: Compressing source files... done.
remote: Building source:
remote: 
remote: -----> Building on the Heroku-22 stack
remote: -----> Using buildpack: heroku/nodejs
remote: -----> Node.js app detected
remote:        
remote: -----> Creating runtime environment
remote:        
remote:        NPM_CONFIG_LOGLEVEL=error
remote:        NODE_VERBOSE=false
remote:        NODE_ENV=production
remote:        NODE_MODULES_CACHE=true
remote:        
remote: -----> Installing binaries
remote:        engines.node (package.json):   >=18.0.0 <=20.x.x
remote:        engines.npm (package.json):    >=6.0.0
remote:        
remote:        Resolving node version >=18.0.0 <=20.x.x...
remote:        Downloading and installing node 19.9.0...
remote:        Bootstrapping npm >=6.0.0 (replacing 9.6.3)...
remote: npm ERR! code EBADENGINE
remote: npm ERR! engine Unsupported engine
remote: npm ERR! engine Not compatible with your version of node/npm: [email protected]
remote: npm ERR! notsup Not compatible with your version of node/npm: [email protected]
remote: npm ERR! notsup Required: {"node":"^18.17.0 || >=20.5.0"}
remote: npm ERR! notsup Actual:   {"npm":"9.6.3","node":"v19.9.0"}
remote: 
remote: npm ERR! A complete log of this run can be found in: /tmp/npmcache.PqoQd/_logs/2024-06-17T08_05_52_669Z-debug-0.log
remote:        Unable to install npm >=6.0.0.  Does npm >=6.0.0 exist?  Is npm >=6.0.0 compatible with this Node.js version?
remote: 
remote: -----> Build failed
remote:        
remote:        We're sorry this build is failing! You can troubleshoot common issues here:
remote:        https://devcenter.heroku.com/articles/troubleshooting-node-deploys
remote:        
remote:        Some possible problems:
remote:        
remote:        - Dangerous semver range (>) in engines.node
remote:          devcenter.heroku.com/articles/nodejs-support#specifying-a-node-js-version
remote:        
remote:        Love,
remote:        Heroku
remote:        
remote:  !     Push rejected, failed to compile Node.js app.
remote: 
remote:  !     Push failed
remote: Verifying deploy...
remote: 
remote: !       Push rejected to <private>.
remote: 
To git.heroku.com/<private>.git
 ! [remote rejected] main -> main (pre-receive hook declined)
error: failed to push some refs to 'git.heroku.com/<private>'

I tried following steps to solve the problem but they didn’t work for me:

1. add engine to package.json

{
  "homepage": "https://www.enian-gashi.xyz/",
  "name": "dj-service-land-production",
  "private": true,
  "version": "0.0.0",
  "engines": {
    "node": "20.11.1",
    "npm": "10.2.4"
  },
  "type": "module",
  "scripts": {
    "dev": "vite",
    "build": "vite build",
    "lint": "eslint . --ext js,jsx --report-unused-disable-directives --max-warnings 0",
    "preview": "vite preview",
    "prod": "vite dev --host 0.0.0.0 --port 8080"
  },
  "dependencies": {
    "@botpoison/browser": "^0.1.30",
    "@gsap/react": "^2.1.1",
    "@vitejs/plugin-vue-jsx": "^3.1.0",
    "axios": "^1.7.2",
    "body-parser": "^1.20.2",
    "connect-history-api-fallback": "^2.0.0",
    "cors": "^2.8.5",
    "express": "^4.19.2",
    "gsap": "^3.12.5",
    "http-proxy-middleware": "^3.0.0",
    "nodemailer": "^6.9.13",
    "react": "^18.2.0",
    "react-dom": "^18.2.0",
    "react-helmet-async": "^2.0.5",
    "react-icons": "^5.2.1",
    "react-router": "^6.23.1",
    "react-router-dom": "^6.23.1",
    "strapi-plugin-populate-deep": "^3.0.1",
    "swiper": "^11.1.4",
    "vite-plugin-image-optimizer": "^1.1.8"
  },
  "devDependencies": {
    "@types/react": "^18.2.66",
    "@types/react-dom": "^18.2.22",
    "@vitejs/plugin-react": "^4.2.1",
    "autoprefixer": "^10.4.19",
    "eslint": "^8.57.0",
    "eslint-plugin-react": "^7.34.1",
    "eslint-plugin-react-hooks": "^4.6.0",
    "eslint-plugin-react-refresh": "^0.4.6",
    "postcss": "^8.4.38",
    "sharp": "^0.33.4",
    "svgo": "^3.3.2",
    "tailwindcss": "^3.4.3",
    "vite": "^5.2.0"
  },
  "proxy": "http://localhost:5000"
}

2. reinstall dependencies by rm -rf node_modules package-lock.json and npm install
   I also get several npm-related warning-messages

# npm audit report

braces  <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix`
node_modules/findup-sync/node_modules/braces
  micromatch  0.2.0 - 3.1.10
  Depends on vulnerable versions of braces
  node_modules/findup-sync/node_modules/micromatch
    findup-sync  0.4.0 - 3.0.0
    Depends on vulnerable versions of micromatch
    node_modules/findup-sync
      liftoff  2.2.3 - 3.1.0
      Depends on vulnerable versions of findup-sync
      node_modules/liftoff
        plop  2.3.0 - 2.7.6
        Depends on vulnerable versions of liftoff
        node_modules/plop
          @strapi/generators  *
          Depends on vulnerable versions of plop
          node_modules/@strapi/generators
            @strapi/plugin-content-type-builder  *
            Depends on vulnerable versions of @strapi/generators
            node_modules/@strapi/plugin-content-type-builder
              @strapi/strapi  *
              Depends on vulnerable versions of @strapi/admin
              Depends on vulnerable versions of @strapi/cloud-cli
              Depends on vulnerable versions of @strapi/content-releases
              Depends on vulnerable versions of @strapi/data-transfer
              Depends on vulnerable versions of @strapi/generate-new
              Depends on vulnerable versions of @strapi/generators
              Depends on vulnerable versions of @strapi/plugin-content-type-builder
              node_modules/@strapi/strapi
                @strapi/data-transfer  *
                Depends on vulnerable versions of @strapi/strapi
                Depends on vulnerable versions of tar
                node_modules/@strapi/data-transfer
                  @strapi/admin  <=0.0.0-next.ff946d2c25a3e577b47132a357cac2932eb8e635 || >=4.6.0-alpha.0
                  Depends on vulnerable versions of @strapi/data-transfer
                  node_modules/@strapi/admin
                    @strapi/content-releases  <=0.0.0-next.fc231041206e6f3999b094160cfa05db2892ad54 || >=4.18.1-beta.0
                    Depends on vulnerable versions of @strapi/admin
                    node_modules/@strapi/content-releases

tar  <6.2.1
Severity: moderate
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
fix available via `npm audit fix`
node_modules/tar
  @strapi/cloud-cli  <=0.0.0-next.a64ced5364618f917adb31b8684b4e3c01c58862 || >=4.24.5
  Depends on vulnerable versions of tar
  node_modules/@strapi/cloud-cli
  @strapi/generate-new  *
  Depends on vulnerable versions of tar
  node_modules/@strapi/generate-new

14 vulnerabilities (6 moderate, 8 high)

Add. info:
I removed the https: tags from every link to prevent from being blocked by the spamming filter.