NodeAuditAnalyzer fails when hitting a 400 Bad Request where `npm audit` succeeds
Describe the bug
[DependencyCheck] [ERROR] NodeAuditAnalyzer failed on <redacted-path>/package-lock.json
[DependencyCheck] [WARN] An error occurred while analyzing <redacted-path>/package-lock.json' (Node Audit Analyzer).
[DependencyCheck] [INFO] Finished Node Audit Analyzer (0 seconds)
...
Could not perform Node Audit analysis. Invalid payload submitted to Node Audit API.
There are some similarities with #1632 and #1634, but those have been closed and we’re still having issues with version 5.2.0, hence this ticket.
Version of dependency-check used
The problem occurs using version 5.2.0 of the CLI (but it was originally spotted using the Jenkins plugin).
To Reproduce
Steps to reproduce the behavior:
- Put the package-lock.json and package.json into a folder.
- Run `npm audit -registry=https://registry.npmjs.org`. It succeeds and finds 81 vulnerabilities.
- Point the `NodeAuditAnalyzerIT.testAnalyzePackage()` test to use the package-lock.json file in this folder, and run. Boom.
Expected behavior
- the Node Audit should succeed
- the behaviour should be consistent between `dependency-check` and `npm audit`!
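As an added illustration of the comparison described in the reproduction steps (this is example code, not code from the issue or from dependency-check), the Python script below builds an npm-audit-style request body from a package-lock.json and runs offline sanity checks on it, so that an "Invalid payload" 400 can be narrowed to specific lock-file entries before any request is sent. It assumes the request shape npm 6 sends to the registry audit endpoint (top-level name, version, requires and dependencies) and the per-entry fields npm keeps when it scrubs the lock tree; the sample lock file, the kept-field list and the semver heuristics are constructed for the example and the root `requires` map is derived from top-level lock versions rather than from package.json.

```python
"""Build an npm-audit-style payload from a package-lock.json (lockfileVersion 1)
and sanity-check it offline. Added example; not dependency-check's NpmPayloadBuilder."""
import json
import re

# Constructed sample lock file (the issue's real one is redacted). It deliberately
# contains two entries a strict audit endpoint might dislike: a "file:" version
# and an entry with no version at all.
SAMPLE_LOCK = {
    "name": "sample-app",
    "version": "1.0.0",
    "lockfileVersion": 1,
    "requires": True,
    "dependencies": {
        "debug": {
            "version": "2.6.9",
            "integrity": "sha512-constructed",
            "requires": {"ms": "2.0.0"},
            "dependencies": {"ms": {"version": "2.0.0"}},
        },
        "lodash": {"version": "4.17.11", "dev": True},
        "local-lib": {"version": "file:../local-lib"},
        "broken": {"resolved": "https://registry.npmjs.org/broken/-/broken-1.0.0.tgz"},
    },
}

# Fields kept per dependency entry when the lock tree is scrubbed (assumption
# about what npm 6 sends; 'resolved' is dropped on purpose).
KEPT_FIELDS = ("version", "integrity", "requires", "dev", "optional", "bundled")

# Minimal semver matcher used only as a heuristic for "looks like a registry version".
SEMVER_RE = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")


def _scrub_tree(deps):
    """Recursively copy the dependency tree, keeping only KEPT_FIELDS plus nested
    'dependencies' so that version conflicts stay visible in the payload."""
    out = {}
    for name, entry in (deps or {}).items():
        node = {k: entry[k] for k in KEPT_FIELDS if k in entry}
        if entry.get("dependencies"):
            node["dependencies"] = _scrub_tree(entry["dependencies"])
        out[name] = node
    return out


def build_audit_payload(lock):
    """Return the audit request body: name, version, top-level requires (here
    derived from the lock's top-level versions) and the scrubbed tree."""
    top = lock.get("dependencies", {})
    return {
        "name": lock.get("name", "unknown"),
        "version": lock.get("version", "0.0.0"),
        "requires": {n: e.get("version", "*") for n, e in top.items()},
        "dependencies": _scrub_tree(top),
    }


def check_payload(payload):
    """Heuristic checks for entries an audit endpoint is likely to reject (assumption).
    Returns a list of findings; an empty list means nothing looked suspicious."""
    findings = []
    if not payload.get("name") or not SEMVER_RE.match(str(payload.get("version", ""))):
        findings.append("root: missing name or non-semver version")

    def walk(deps, path):
        for name, node in deps.items():
            where = f"{path}/{name}" if path else name
            version = node.get("version")
            if version is None:
                findings.append(f"{where}: no 'version' field")
            elif not SEMVER_RE.match(str(version)):
                findings.append(f"{where}: non-semver version {version!r}")
            for req, spec in (node.get("requires") or {}).items():
                if not isinstance(spec, str):
                    findings.append(f"{where}: requires[{req}] is not a string")
            walk(node.get("dependencies", {}), where)

    walk(payload["dependencies"], "")
    return findings


def audit_lock_text(text):
    """Parse a package-lock.json document and return (payload, findings)."""
    lock = json.loads(text)
    if lock.get("lockfileVersion", 1) != 1:
        raise ValueError("this example handles lockfileVersion 1 only")
    payload = build_audit_payload(lock)
    return payload, check_payload(payload)


if __name__ == "__main__":
    body, problems = audit_lock_text(json.dumps(SAMPLE_LOCK))
    print(json.dumps(body, indent=2))
    for problem in problems:
        print("suspicious:", problem)
```

Running `audit_lock_text` over a real lock file that triggers the 400 lists the entries that fail the heuristics; since the issue does not state what the registry actually rejected, those findings are candidates to compare against what `npm audit` sends for the same file, not a diagnosis.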
Top GitHub Comments
@jeremylong apologies for my last message which turned out to be incorrect. I have just double-checked and it turns out we moved straight from 5.2.0 to 5.2.4, which resolved the issue we had seen. So I guess @skjolber’s issue must be a different variant.
@skjolber 5.2.3 did indeed fix the issue for us. But I haven’t tested with 5.2.4 yet 😬