Error with "npm audit"


Describe the bug

When running “npm audit” in my dev-project, it works fine if the registry is set to “https://registry.npmjs.org” But I get the following error when running “npm audit” after running “npm set registry PRIVATE-VERDACCIO-REGISTRY” -

npm ERR! code ENOAUDIT
npm ERR! audit Your configured registry (PRIVATE-VERDACCIO-REGISTRY) does not support audit requests, or the audit endpoint is temporarily unavailable.

npm ERR! A complete log of this run can be found in:
npm ERR! /Users/**

This error is new, and wasn’t there before I upgraded verdaccio to the latest release, so not sure what I’m missing

To Reproduce

Steps to reproduce the behavior:

npm set registry PRIVATE-VERDACCIO-REGISTRY
npm install
npm audit

Expected behavior

When I ran “npm install; npm audit”, I had expected back a list of vulnerabilities like -

=== npm audit security report ===

Run npm install express-fileupload@1.1.6 to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Denial of Service                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ express-fileupload                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ express-fileupload                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ express-fileupload                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1216                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 323 scanned packages
1 vulnerability requires semver-major dependency updates.

Docker || Kubernetes (please complete the following information):

I’m running private registry Verdaccio 4.7.2 in an AWS ECS container created off of dockerhub image verdaccio/verdaccio

Configuration File (cat ~/.config/verdaccio/config.yaml)

/opt/verdaccio # cat /verdaccio/conf/config.yaml

# This is the config file used for the docker images.
# It allows all users to do anything, so don't use it on production systems.
# Do not configure host and port under listen in this file
# as it will be ignored when using docker.
# see https://github.com/verdaccio/verdaccio/blob/master/wiki/docker.md#docker-and-custom-port-configuration
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf

# path to a directory with all packages
storage: /verdaccio/storage

store:
  aws-s3-storage:
    bucket: private-npm-registry
    region: us-west-1 # US West (N. California)

web:
  # WebUI is enabled as default, if you want disable it, just uncomment this line
  title: NPM Registry
  logo: https://xxx.cloudfront.net/wp-content/themes/xxx/assets/img/logo.svg

auth:
  htpasswd:
    file: /verdaccio/conf/htpasswd
    max_users: -1

# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: https://registry.npmjs.org/

packages:
  '@*/*':
    access: $authenticated
    publish: $authenticated
    proxy: npmjs

  '**':
    access: $authenticated
    publish: $authenticated
    proxy: npmjs

middlewares:
  audit:
    enabled: true

logs:
  - {type: stdout, format: pretty, level: http}

Debugging output

$ NODE_DEBUG=request verdaccio    display request calls (verdaccio <--> uplinks)
$ DEBUG=express:* verdaccio    enable extreme verdaccio debug mode (verdaccio api)
$ npm -ddd prints:

npm info it worked if it ends with ok
npm verb cli [
npm verb cli   '/usr/local/Cellar/node/12.5.0/bin/node',
npm verb cli   '/usr/local/bin/npm',
npm verb cli   '-ddd'
npm verb cli ]
npm info using npm@6.9.0
npm info using node@v12.5.0

Usage: npm <command>

where <command> is one of:
    access, adduser, audit, bin, bugs, c, cache, ci, cit,
    clean-install, clean-install-test, completion, config,
    create, ddp, dedupe, deprecate, dist-tag, docs, doctor,
    edit, explore, get, help, help-search, hook, i, init,
    install, install-ci-test, install-test, it, link, list, ln,
    login, logout, ls, org, outdated, owner, pack, ping, prefix,
    profile, prune, publish, rb, rebuild, repo, restart, root,
    run, run-script, s, se, search, set, shrinkwrap, star,
    stars, start, stop, t, team, test, token, tst, un,
    uninstall, unpublish, unstar, up, update, v, version, view,
    whoami

npm <command> -h  quick help on <command>
npm -l            display full usage info
npm help <term>   search for help on <term>
npm help npm      involved overview

Specify configs in the ini-formatted file:
    /path/.npmrc
or on the command line via: npm <command> --key value
Config info can be viewed via: npm help config

$ npm config get registry prints: PRIVATE-VERDACCIO-REGISTRY

Additional context

The log file that was generated upon running of “npm audit” has the following content -

cat .npm/_logs/2020-07-01T00_53_25_931Z-debug.log

0 info it worked if it ends with ok
1 verbose cli [
1 verbose cli '/usr/local/Cellar/node/12.5.0/bin/node',
1 verbose cli '/usr/local/bin/npm',
1 verbose cli 'audit'
1 verbose cli ]
2 info using npm@6.9.0
3 info using node@v12.5.0
4 verbose npm-session 8821fc6732d58b82
5 http fetch POST 500 PRIVATE-VERDACCIO-REGISTRY/-/npm/v1/security/audits 15290ms
6 verbose stack Error: Your configured registry (PRIVATE-VERDACCIO-REGISTRY) does not support audit requests, or the audit endpoint is temporarily unavailable.
6 verbose stack at /usr/local/lib/node_modules/npm/lib/audit.js:201:18
6 verbose stack at tryCatcher (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/util.js:16:23)
6 verbose stack at Promise._settlePromiseFromHandler (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:512:31)
6 verbose stack at Promise._settlePromise (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:569:18)
6 verbose stack at Promise._settlePromise0 (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:614:10)
6 verbose stack at Promise._settlePromises (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:690:18)
6 verbose stack at _drainQueueStep (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:138:12)
6 verbose stack at _drainQueue (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:131:9)
6 verbose stack at Async._drainQueues (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:147:5)
6 verbose stack at Immediate.Async.drainQueues [as _onImmediate] (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:17:14)
6 verbose stack at processImmediate (internal/timers.js:439:21)
7 verbose cwd /xxxxx
8 verbose Darwin 19.4.0
9 verbose argv "/usr/local/Cellar/node/12.5.0/bin/node" "/usr/local/bin/npm" "audit"
10 verbose node v12.5.0
11 verbose npm v6.9.0
12 error code ENOAUDIT
13 error audit Your configured registry (PRIVATE-VERDACCIO-REGISTRY) does not support audit requests, or the audit endpoint is temporarily unavailable.
14 verbose exit [ 1, true ]

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 13 (11 by maintainers)
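
The failure recorded in the debug log above, as an added example that is not part of the original issue and not code from npm or Verdaccio: a triage function for an npm 6 debug log that separates "the audit request failed" from "the audit ran", so a CI step does not read a missing report as a clean one. The function names, verdict strings and sample log lines are constructed for illustration.

```javascript
// Constructed sample: the relevant lines of the debug log quoted in the issue.
const SAMPLE_LOG = [
  '2 info using npm@6.9.0',
  '5 http fetch POST 500 PRIVATE-VERDACCIO-REGISTRY/-/npm/v1/security/audits 15290ms',
  '12 error code ENOAUDIT',
  '14 verbose exit [ 1, true ]',
].join('\n');

const AUDIT_PATH = '/-/npm/v1/security/audits';

// Parse an npm 6 debug log and report what happened to the audit request.
function triageAuditLog(logText) {
  const result = { auditRequests: [], errorCode: null, exitCode: null, verdict: 'unknown' };
  for (const line of logText.split(/\r?\n/)) {
    // Log lines have the shape "<n> <level> <message...>".
    const m = /^\d+\s+(\S+)\s+(.*)$/.exec(line);
    if (!m) continue;
    const [, level, msg] = m;
    let f;
    if (level === 'http' && (f = /^fetch\s+(\S+)\s+(\d{3})\s+(\S+)\s+(\d+)ms/.exec(msg))) {
      if (f[3].includes(AUDIT_PATH)) {
        result.auditRequests.push({ method: f[1], status: Number(f[2]), url: f[3], ms: Number(f[4]) });
      }
    } else if (level === 'error' && (f = /^code\s+(\S+)/.exec(msg))) {
      result.errorCode = f[1];
    } else if (level === 'verbose' && (f = /^exit\s+\[\s*(\d+)/.exec(msg))) {
      result.exitCode = Number(f[1]);
    }
  }
  const last = result.auditRequests[result.auditRequests.length - 1];
  if (result.errorCode === 'ENOAUDIT' || (last && last.status >= 400)) {
    // No report was produced: this is not the same as "0 vulnerabilities".
    result.verdict = last && last.status >= 500
      ? 'audit-unavailable-registry-error'
      : 'audit-unavailable';
  } else if (last && last.status >= 200 && last.status < 300) {
    result.verdict = 'audit-completed';
  }
  return result;
}

// CI gate: fail closed unless the audit request actually completed.
function auditRan(logText) {
  return triageAuditLog(logText).verdict === 'audit-completed';
}
```

`auditRan` only says whether a report was produced; whether that report contains findings is a separate check on the exit status of `npm audit` itself.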

Top GitHub Comments

hydra13 commented, Jul 16, 2020 (1 reaction)

@juanpicado, I agree with you, because I haven’t enough time for solving this problem right now. I will come back here later.

juanpicado commented, Jul 16, 2020 (1 reaction)

@hydra13 I’m thinking to rollback that PR, I could not find other way. We can re-apply it later when a solution is being available.
