If you run "npm audit" against a package.json that contains a dependency that can't be found in the target repository it will cause the command to fail completely, no data is returned. The logs will contain a warning which is difficult to understand, and a stack trace that is not needed.
Expected: If a dependency can't be found during npm audit we should note that in the npm audit results, we should not fail the entire audit. A single log line is all that is needed at WARN, the stack should be logged at debug level.
2020-08-13 10:13:45,530-0500 WARN [qtp2043467374-54] *UNKNOWN org.sonatype.nexus.repository.npm.internal.NpmAuditErrorHandler - Can't get hashsum for the appId [null] type [npm] name [somepackage] version [1.3.5] package
org.sonatype.nexus.repository.vulnerability.exceptions.TarballLoadingException: Can't get hashsum for the appId [null] type [npm] name [somepackage] version [1.3.5] package
at org.sonatype.nexus.repository.npm.internal.NpmAuditTarballFacet.download(NpmAuditTarballFacet.java:131)
at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.getAuditRepositoryComponents(NpmAuditFacet.java:238)
at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.getComponentsVulnerabilityFromRemoteServer(NpmAuditFacet.java:211)
at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.analyzeComponents(NpmAuditFacet.java:186)
at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.audit(NpmAuditFacet.java:140)
at org.sonatype.nexus.repository.npm.internal.NpmGroupAuditHandler.handle(NpmGroupAuditHandler.java:41)
at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
at org.sonatype.nexus.repository.npm.internal.NpmAuditErrorHandler.handle(NpmAuditErrorHandler.java:67)
at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
at org.sonatype.nexus.repository.storage.UnitOfWorkHandler.handle(UnitOfWorkHandler.java:39)
at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
at com.sonatype.analytics.internal.handler.AnalyticsMeteringHandler.handle(AnalyticsMeteringHandler.java:69)
at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
at org.sonatype.nexus.repository.view.handlers.TimingHandler.handle(TimingHandler.java:58)
at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
at com.sonatype.analytics.internal.handler.AnalyticsNpmAuditHandler.handle(AnalyticsNpmAuditHandler.java:55)
at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
at org.sonatype.nexus.repository.view.Context.start(Context.java:114)
at org.sonatype.nexus.repository.view.Router.dispatch(Router.java:65)
at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:52)
at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:43)
at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.dispatchAndSend(ViewServlet.java:213)
at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.doService(ViewServlet.java:175)
at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.service(ViewServ
- is related to
-
NEXUS-24830 npm audit error with quarantined components
-
- Closed
-
- mentioned in
-
Page Loading...