Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-24913

npm audit caching prevents policy updates

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.26.0
    • Fix Version/s: 3.29.0
    • Component/s: npm-audit
    • Labels:
      None

      Description

      Due to the caching added to the npm audit implementation https://github.com/sonatype/nexus-internal/blob/59ef3f717a6e2cffc4dd6188ba8aedbfbeb8c2bb/plugins/nexus-repository-npm/src/main/java/org/sonatype/nexus/repository/npm/internal/NpmAuditFacet.java#L265

      any changes to policies on the IQ server will not be reflected back for approx 12 hours (cache timeout). Although policies dont typically get updated often, it could be perceived as not working

        Attachments

          Activity

            People

            Assignee:
            mdodgson Mark Dodgson
            Reporter:
            mdodgson Mark Dodgson
            Last Updated By:
            Joe Tom Joe Tom
            Team:
            NXRM - Gunter
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title