
'npm audit' is broken since v6.3.0


Environment: Provide version numbers for the following components (information can be retrieved by running tns info in your project folder or by inspecting the package.json of the project):

  • CLI: 6.3.0+
  • Cross-platform modules:
  • Android Runtime:
  • iOS Runtime:
  • Plugin(s):

Describe the bug: Npm returns the following error when running npm audit on the cloned repo or any other project that has the nativescript cli 6.3.0+ in dependencies/devDependencies:

npm ERR! code ENOAUDIT
npm ERR! audit Your configured registry (https://registry.npmjs.org/) may not support audit requests, or the audit endpoint may be temporarily unavailable.
npm ERR! audit The server said: Invalid package tree, run  npm install  to rebuild your package-lock.json

Full log:

0 info it worked if it ends with ok
1 verbose cli [ '/Users/nsch/.nvm/versions/node/v10.16.0/bin/node',
1 verbose cli   '/Users/nsch/.nvm/versions/node/v10.16.0/bin/npm',
1 verbose cli   'audit' ]
2 info using npm@6.14.2
3 info using node@v10.16.0
4 verbose npm-session 889c098014892da6
5 http fetch POST 400 https://registry.npmjs.org/-/npm/v1/security/audits 480ms
6 verbose stack Error: Your configured registry (https://registry.npmjs.org/) may not support audit requests, or the audit endpoint may be temporarily unavailable.
6 verbose stack The server said: Invalid package tree, run  npm install  to rebuild your package-lock.json
6 verbose stack     at Bluebird.all.spread.then.catch (/Users/nsch/.nvm/versions/node/v10.16.0/lib/node_modules/npm/lib/audit.js:204:18)
6 verbose stack     at tryCatcher (/Users/nsch/.nvm/versions/node/v10.16.0/lib/node_modules/npm/node_modules/bluebird/js/release/util.js:16:23)
6 verbose stack     at Promise._settlePromiseFromHandler (/Users/nsch/.nvm/versions/node/v10.16.0/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:517:31)
6 verbose stack     at Promise._settlePromise (/Users/nsch/.nvm/versions/node/v10.16.0/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:574:18)
6 verbose stack     at Promise._settlePromise0 (/Users/nsch/.nvm/versions/node/v10.16.0/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:619:10)
6 verbose stack     at Promise._settlePromises (/Users/nsch/.nvm/versions/node/v10.16.0/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:695:18)
6 verbose stack     at _drainQueueStep (/Users/nsch/.nvm/versions/node/v10.16.0/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:138:12)
6 verbose stack     at _drainQueue (/Users/nsch/.nvm/versions/node/v10.16.0/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:131:9)
6 verbose stack     at Async._drainQueues (/Users/nsch/.nvm/versions/node/v10.16.0/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:147:5)
6 verbose stack     at Immediate.Async.drainQueues [as _onImmediate] (/Users/nsch/.nvm/versions/node/v10.16.0/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:17:14)
6 verbose stack     at runCallback (timers.js:705:18)
6 verbose stack     at tryOnImmediate (timers.js:676:5)
6 verbose stack     at processImmediate (timers.js:658:5)
7 verbose cwd /Users/nsch/test/test-package
8 verbose Darwin 18.7.0
9 verbose argv "/Users/nsch/.nvm/versions/node/v10.16.0/bin/node" "/Users/nsch/.nvm/versions/node/v10.16.0/bin/npm" "audit"
10 verbose node v10.16.0
11 verbose npm  v6.14.2
12 error code ENOAUDIT
13 error audit Your configured registry (https://registry.npmjs.org/) may not support audit requests, or the audit endpoint may be temporarily unavailable.
13 error audit The server said: Invalid package tree, run  npm install  to rebuild your package-lock.json
14 verbose exit [ 1, true ]

To Reproduce: Add "nativescript": "6.3.0" to any project, run npm install with a clean node_modules folder & run npm audit. Or clone this repo and checkout to any version that is 6.3.0 or higher, run npm install and then run npm audit. On version 6.2.1 everything seems to be working.

Expected behavior: Be able to see a normal npm audit output.

Issue Analytics

  • State: open
  • Created 4 years ago
  • Reactions: 3
  • Comments:9 (2 by maintainers)

Top GitHub Comments

3 reactions
adrian-niculescu commented, Oct 16, 2020

This problem still persists:

$ nativescript --version
7.0.10
$ node --version
v14.14.0
$ npm --version
6.14.8

The cause seems to be having npm dependencies not specified by version, but via Git URL: See https://github.com/NativeScript/nativescript-cli/blob/master/package.json

"dependencies": {
...
   "zipstream": "https://github.com/Icenium/node-zipstream/tarball/master"
}

0 reactions
ewrayjohnson commented, Apr 7, 2022

With npm version 6.14.12, I am experiencing the same with local tarball files.
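
The two comments above point at dependencies declared by URL or local tarball rather than by registry version. The following is an added example, not code from the issue thread or the NativeScript project: it walks an npm 6 package-lock.json tree and lists every entry whose spec is not a plain registry version, together with the package that requires it. The lockfile layout (lockfileVersion 1 with nested `dependencies`, `version` and `requires` fields) is an assumption, and the sample lockfile, including `example-registry-dep` and `my-local-lib`, is constructed for illustration.

```javascript
// Added example: flag lockfile entries that are not plain registry versions.
// Assumes the npm 6 layout (lockfileVersion 1): each entry has a "version"
// string, an optional "requires" map (name -> spec) and optional nested
// "dependencies".

// Classify a lockfile "version" or "requires" spec string.
function classifySpec(spec) {
  if (/^(git\+|git:\/\/|github:|gitlab:|bitbucket:)/.test(spec)) return 'git';
  if (/^https?:\/\//.test(spec)) return 'remote-tarball';
  if (/^file:/.test(spec)) return 'local-file';
  return 'registry'; // semver versions, ranges, dist-tags
}

// Walk the whole tree and return one finding per non-registry package,
// recording which packages pull it in through their "requires" map.
function findNonRegistryDeps(lock) {
  const found = new Map(); // name -> { name, kind, spec, requiredBy }
  const note = (name, spec, by) => {
    const kind = classifySpec(String(spec || ''));
    if (kind === 'registry') return;
    if (!found.has(name)) found.set(name, { name, kind, spec, requiredBy: [] });
    const hit = found.get(name);
    if (by && !hit.requiredBy.includes(by)) hit.requiredBy.push(by);
  };
  const walk = (deps) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      note(name, entry.version, null); // resolved form of this package
      for (const [dep, spec] of Object.entries(entry.requires || {})) {
        note(dep, spec, name); // spec as declared by the requiring package
      }
      walk(entry.dependencies); // non-hoisted children
    }
  };
  walk(lock.dependencies);
  return [...found.values()];
}

// Constructed sample lockfile; only the zipstream URL comes from the page.
const ZIPSTREAM = 'https://github.com/Icenium/node-zipstream/tarball/master';
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    nativescript: {
      version: '6.3.0',
      requires: { zipstream: ZIPSTREAM, 'example-registry-dep': '^1.0.0' }
    },
    zipstream: { version: ZIPSTREAM },
    'example-registry-dep': { version: '1.2.3' },
    'my-local-lib': { version: 'file:vendor/my-local-lib-1.0.0.tgz' }
  }
};
console.log(JSON.stringify(findNonRegistryDeps(sampleLock), null, 2));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findNonRegistryDeps` in place of the sample.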
