  1. Dev - Nexus Repo
  2. NEXUS-31208

`npm audit` against an npm-proxy or npm-group repo results in creation of a disabled repo in IQ Server repository list

    Details

    • Notability:
      3

      Description

      1. Connect Nexus Repository to IQ Server with Firewall license.
      2. Create an npm group or npm proxy repository.
      3. Run `npm audit` or `npm install` commands (which imply audit) against the group repository URL.
      4. Check the repo list in IQ Server and you will see an entry for the npm group/proxy repository that is marked as "Disabled".

      If a user runs `npm audit` against an npm group repo, Nexus will make an ad-hoc repo evaluation against IQ using the name of the npm proxy/group repo. As a result, the npm proxy/group repo will show as Disabled on the IQ side (Firewall Repositories List). This Disabled state is confusing since the quarantine/firewall capability in Nexus Repository can't be enabled explicitly on group repos.

      Expected

      If npm proxy or group repos are going to be created in IQ Server and shown Disabled as a result of npm audit commands, then render them in the repositories list in an intuitive way so that end users know why they are there, the impact of deleting them if any, and context around these, etc.

      Or don't render them in the list to avoid confusion.

            People

            Assignee:
            Unassigned
            Reporter:
            jkruger John Kruger
            CC:
            Phil Van Helden
            Last Updated By:
            Denise Chang
            Votes:
            2
            Watchers:
            8
