Errors from node checker
Describe the bug
When analyzing my project, I got a lot of errors (on M3, but not on M2, or less verbose).
First, I always get a lot of warnings, like #1851. Second,
I got this:
[INFO] Finished NVD CVE Analyzer (0 seconds)
[ERROR] NodeAuditAnalyzer failed on /project/package-lock.json
[WARN] An error occurred while analyzing '/project//package-lock.json' (Node Audit Analyzer).
[ERROR] NodeAuditAnalyzer failed on /project/package-lock.json
[WARN] An error occurred while analyzing '/project//package-lock.json' (Node Audit Analyzer).
The error and warning are repeated 23 times.
After that, I get this error:
[WARN] Failed to fetch component-report for: pkg:npm/%40babel/helpers@7.4.4
java.lang.IllegalStateException: Missing component-report for: pkg:npm/%40babel/helpers@7.4.4
at org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.enrich(OssIndexAnalyzer.java:231)
at org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:161)
at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:138)
at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
The same error, for 84 different packages.
At the end I got:
[INFO] Analysis Complete (131 seconds)
[ERROR] Could not perform Node Audit analysis - service returned a 503.
[ERROR] Could not perform Node Audit analysis - service returned a 503.
[ERROR] Could not perform Node Audit analysis - service returned a 503.
The error is repeated 23 times.
**Version of dependency-check used** The problem occurs using version 5.0.0-M3 of the CLI.
**Log file**
Hmm, I started the CLI with the -l <file>
option… but it doesn't end, and produces a file of more than 500 MB… So I'll retry with fewer dependencies.
To Reproduce --> I'm investigating ----> In fact, it seems the Node Audit analysis spams npm, so with a real project we can't finish the analysis… because only the first libraries are scanned…
Expected behavior No errors (or trying)
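The log excerpts above are long and repetitive, and the question a practitioner actually needs answered is whether the run is trustworthy: did the Node Audit service fail, and which packages did OSS Index return no component-report for? The script below is an added example (not part of this issue and not dependency-check's own code) that triages a dependency-check CLI log for exactly those two failure signatures. The sample log is constructed from the lines quoted in the issue; the `--disableNodeAudit` / `--disableOssIndex` switches named in the final message are the CLI's analyzer disable flags, so check `--help` for your version before relying on them.

```shell
#!/bin/sh
# Added example, not from the original issue or from dependency-check itself:
# triage a dependency-check CLI log for upstream-service failures.

# Constructed sample log, modelled on the lines quoted in the issue.
SAMPLE_LOG="${TMPDIR:-/tmp}/dc-sample-$$.log"
cat > "$SAMPLE_LOG" <<'EOF'
[INFO] Finished NVD CVE Analyzer (0 seconds)
[ERROR] NodeAuditAnalyzer failed on /project/package-lock.json
[WARN] An error occurred while analyzing '/project//package-lock.json' (Node Audit Analyzer).
[WARN] Failed to fetch component-report for: pkg:npm/%40babel/helpers@7.4.4
java.lang.IllegalStateException: Missing component-report for: pkg:npm/%40babel/helpers@7.4.4
[WARN] Failed to fetch component-report for: pkg:npm/lodash@4.17.11
java.lang.IllegalStateException: Missing component-report for: pkg:npm/lodash@4.17.11
[INFO] Analysis Complete (131 seconds)
[ERROR] Could not perform Node Audit analysis - service returned a 503.
[ERROR] Could not perform Node Audit analysis - service returned a 503.
[ERROR] Could not perform Node Audit analysis - service returned a 503.
EOF

# Number of times the Node Audit service answered 503 (one log line per attempt).
# grep -c exits 1 when the count is 0, so swallow that status and keep the "0".
count_node_audit_503() {
    grep -c 'Could not perform Node Audit analysis - service returned a 503' "$1" || true
}

# Package URLs that OSS Index never returned a component-report for, with the
# percent-encoded npm scope (%40 -> @) decoded, de-duplicated, one per line.
missing_component_reports() {
    sed -n 's/.*Missing component-report for: //p' "$1" | sed 's/%40/@/g' | sort -u
}

# Exit status 0 when the log shows no upstream failures, non-zero otherwise.
upstream_healthy() {
    [ "$(count_node_audit_503 "$1")" -eq 0 ] && \
    [ -z "$(missing_component_reports "$1")" ]
}

echo "Node Audit 503 responses: $(count_node_audit_503 "$SAMPLE_LOG")"
echo "Packages without an OSS Index component-report:"
missing_component_reports "$SAMPLE_LOG" | sed 's/^/  /'
if upstream_healthy "$SAMPLE_LOG"; then
    echo "upstream services healthy; the report covers every analyzer"
else
    echo "upstream failures present; re-run later, or with --disableNodeAudit / --disableOssIndex for a partial report"
fi
```

Treat a non-zero 503 count or a non-empty missing-report list as a failed scan in CI rather than a clean one: the HTML report dependency-check still writes in that situation simply lacks the findings those analyzers would have produced.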
Issue Analytics
- Created 4 years ago
- Comments: 7 (5 by maintainers)
Top GitHub Comments
Another possible solution is to include a new parameter in the CLI that allows you to specify the npm audit registry. Then we could point to a proxy such as:
--registry https://peterton.nl
It appears that the solution at http://www.peterton.nl may be helpful in this case.
As of now, the NodeAuditAnalyzer is not usable, so that really lowers the value for JavaScript projects.
Thanks