Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-26177

Deleting an npm repository or invalidating the cache breaks npm audit

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.29.0, 3.29.1
    • Fix Version/s: 3.31.0
    • Component/s: NPM, npm-audit
    • Labels:
    • Notability:
      2

      Description

      If a user deletes an NPM repository, or invalidates the cache on an NPM repository then audit will be broken for all other other NPM repositories.

      A shared cache is being closed - https://github.com/sonatype/nexus-public/blob/master/plugins/nexus-repository-npm/src/main/java/org/sonatype/nexus/repository/npm/internal/NpmAuditFacet.java#L357

      karaf@root()> 2020-12-17 10:08:51,610-0500 ERROR [qtp94094158-214] *UNKNOWN org.sonatype.nexus.repository.npm.internal.NpmAuditErrorHandler - Cache[npm-audit-data] is closed                                                  
      java.lang.IllegalStateException: Cache[npm-audit-data] is closed
              at org.ehcache.jsr107.Eh107Cache.checkClosed(Eh107Cache.java:543)
              at org.ehcache.jsr107.Eh107Cache.get(Eh107Cache.java:88)
              at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.analyzeComponents(NpmAuditFacet.java:204)
              at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.audit(NpmAuditFacet.java:163)
              at org.sonatype.nexus.repository.npm.internal.NpmGroupAuditHandler.handle(NpmGroupAuditHandler.java:41)
              at org.sonatype.nexus.repository.view.Context.proceed(Context.java:88)
              at org.sonatype.nexus.repository.npm.internal.NpmAuditErrorHandler.handle(NpmAuditErrorHandler.java:67)
      

      Workaround

      Restart NXRM

        Attachments

          Activity

            People

            Assignee:
            sonofreichuk Sergii Onofreichuk
            Reporter:
            mpiggott Matthew Piggott
            Last Updated By:
            Rich Seddon Rich Seddon
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title