  1. Dev - Nexus Repo
  2. NEXUS-24402

npm audit stacktrace in Nexus logs

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 3.24.0
    • Fix Version/s: None
    • Component/s: Logging
    • Labels:
    • Notability: 3

      Description

      When the "npm audit" command is run against Nexus with no connection to Nexus Firewall or Nexus Lifecycle, you get the following warning with a stack trace in the Nexus logs. Only a warning message should be logged with no stacktrace.

      2020-06-24 02:30:39,449+0200 WARN [qtp1013169235-6985885] npm-deploy com.sonatype.nexus.clm.vulnerability.RepositoryComponentVulnerabilityListener - NXRM serves npm audit data using Nexus Intelligence (https://links.sonatype.com/nexus-intelligence) and requires either Nexus Firewall or Nexus Lifecycle.
      org.sonatype.nexus.repository.vulnerability.exceptions.CompatibilityException: NXRM serves npm audit data using Nexus Intelligence (https://links.sonatype.com/nexus-intelligence) and requires either Nexus Firewall or Nexus Lifecycle.
      at com.sonatype.nexus.clm.vulnerability.service.ClmService.validateConfiguration(ClmService.java:193)
      at com.sonatype.nexus.clm.vulnerability.RepositoryComponentVulnerabilityListener.processRequest(RepositoryComponentVulnerabilityListener.java:91)
      at com.sonatype.nexus.clm.vulnerability.RepositoryComponentVulnerabilityListener.on(RepositoryComponentVulnerabilityListener.java:75)

      ...

      2020-06-26 00:01:43,593+0200 WARN [qtp997663923-22931] npm-deploy org.sonatype.nexus.repository.npm.internal.NpmAuditErrorHandler - Can't get hashsum for the type [npm] name [jsonstream] version [1.3.5] package
      org.sonatype.nexus.repository.vulnerability.exceptions.TarballLoadingException: Can't get hashsum for the type [npm] name [jsonstream] version [1.3.5] package
      at org.sonatype.nexus.repository.npm.internal.NpmAuditTarballFacet.download(NpmAuditTarballFacet.java:131)
      at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.getAuditRepositoryComponents(NpmAuditFacet.java:184)
      at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.getComponentsVulnerabilityFromRemoteServer(NpmAuditFacet.java:157)
      at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.analyzeComponents(NpmAuditFacet.java:143)
      at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.audit(NpmAuditFacet.java:112)
      at org.sonatype.nexus.repository.npm.internal.NpmGroupAuditHandler.handle(NpmGroupAuditHandler.java:38)


              People

              Assignee: Unassigned
              Reporter: Mahendra Surani (msurani)
              Last Updated By: Stuart McCulloch
              Votes: 0
              Watchers: 5
