NEXUS-24918 (Dev - Nexus Repo)

npm audit should not fail if package.json contains a dependency that can't be found

Description

If you run "npm audit" against a package.json that contains a dependency that can't be found in the target repository, the command fails completely and returns no data. The logs contain a warning that is difficult to understand, followed by a stack trace that is not needed.

Expected: If a dependency can't be found during npm audit, we should note that in the npm audit results rather than fail the entire audit. A single log line at WARN is all that is needed; the stack trace should be logged at DEBUG level.

      2020-08-13 10:13:45,530-0500 WARN [qtp2043467374-54] *UNKNOWN org.sonatype.nexus.repository.npm.internal.NpmAuditErrorHandler - Can't get hashsum for the appId [null] type [npm] name [somepackage] version [1.3.5] package
      org.sonatype.nexus.repository.vulnerability.exceptions.TarballLoadingException: Can't get hashsum for the appId [null] type [npm] name [somepackage] version [1.3.5] package
      at org.sonatype.nexus.repository.npm.internal.NpmAuditTarballFacet.download(NpmAuditTarballFacet.java:131)
      at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.getAuditRepositoryComponents(NpmAuditFacet.java:238)
      at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.getComponentsVulnerabilityFromRemoteServer(NpmAuditFacet.java:211)
      at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.analyzeComponents(NpmAuditFacet.java:186)
      at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.audit(NpmAuditFacet.java:140)
      at org.sonatype.nexus.repository.npm.internal.NpmGroupAuditHandler.handle(NpmGroupAuditHandler.java:41)
      at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
      at org.sonatype.nexus.repository.npm.internal.NpmAuditErrorHandler.handle(NpmAuditErrorHandler.java:67)
      at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
      at org.sonatype.nexus.repository.storage.UnitOfWorkHandler.handle(UnitOfWorkHandler.java:39)
      at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
      at com.sonatype.analytics.internal.handler.AnalyticsMeteringHandler.handle(AnalyticsMeteringHandler.java:69)
      at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
      at org.sonatype.nexus.repository.view.handlers.TimingHandler.handle(TimingHandler.java:58)
      at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
      at com.sonatype.analytics.internal.handler.AnalyticsNpmAuditHandler.handle(AnalyticsNpmAuditHandler.java:55)
      at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
      at org.sonatype.nexus.repository.view.Context.start(Context.java:114)
      at org.sonatype.nexus.repository.view.Router.dispatch(Router.java:65)
      at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:52)
      at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:43)
      at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.dispatchAndSend(ViewServlet.java:213)
      at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.doService(ViewServlet.java:175)
      at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.service(ViewServ
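The fail-soft audit loop the "Expected" paragraph asks for, written as an added illustration for this issue rather than Nexus code: the component list, the `lookup_hashsum` resolver, the `TarballLoadingException` stand-in and the vulnerability table are all constructed sample data. The point it shows is that a dependency missing from the repository is recorded as unresolved, logged once at WARN with the stack only at DEBUG, and the remaining components are still checked, so their findings are not lost.

```python
"""Fail-soft audit loop: one unresolvable dependency must not blank the report.
Added illustration of the behaviour expected in NEXUS-24918; not Nexus code.
All data below (hashsums, advisory ids, component list) is constructed."""
import logging
from dataclasses import dataclass, field

log = logging.getLogger("npm.audit")


class TarballLoadingException(Exception):
    """Stand-in for the Nexus exception of the same name (assumption)."""


# Constructed: hashsums the repository knows; 'somepackage' is deliberately absent.
KNOWN_HASHSUMS = {
    ("lodash", "4.17.15"): "sha512-aaa",
    ("minimist", "0.0.8"): "sha512-bbb",
}
# Constructed: hashsums the remote vulnerability service would flag.
VULNERABLE_HASHSUMS = {
    "sha512-aaa": "ADVISORY-PLACEHOLDER-lodash",
    "sha512-bbb": "ADVISORY-PLACEHOLDER-minimist",
}


def lookup_hashsum(name: str, version: str) -> str:
    """Resolve a component to its tarball hashsum, or raise like the facet does."""
    try:
        return KNOWN_HASHSUMS[(name, version)]
    except KeyError:
        raise TarballLoadingException(
            f"Can't get hashsum for the appId [null] type [npm] "
            f"name [{name}] version [{version}] package")


@dataclass
class AuditReport:
    vulnerabilities: dict = field(default_factory=dict)  # name@version -> advisory id
    unresolved: list = field(default_factory=list)       # name@version not fetchable


def audit(components: list) -> AuditReport:
    """Audit every component; a lookup failure is recorded, not fatal."""
    report = AuditReport()
    for name, version in components:
        key = f"{name}@{version}"
        try:
            hashsum = lookup_hashsum(name, version)
        except TarballLoadingException as e:
            # One WARN line without the stack; the stack goes to DEBUG only.
            log.warning("npm audit: skipping %s, dependency not found in repository", key)
            log.debug("tarball lookup failed for %s", key, exc_info=e)
            report.unresolved.append(key)
            continue  # keep auditing the remaining components
        if hashsum in VULNERABLE_HASHSUMS:
            report.vulnerabilities[key] = VULNERABLE_HASHSUMS[hashsum]
    return report
```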


People

Assignee: Mark Dodgson (mdodgson)
Reporter: Rich Seddon (rseddon)
Last Updated By: Joe Tom
Team: NXRM - Trinity
Votes: 4
Watchers: 10
