npm audit fix not working with npm@7 (lockfileVersion: 2)


Describe the bug

npm audit fix doesn’t work with npm@7.18.1:

{ statusCode: 400, error: 'Bad Request', message: 'Invalid package tree, run npm install to rebuild your package-lock.json' }

npm audit works as expected

To Reproduce

  • verdaccio --config ./config.yaml
  • create package.json with at least one dependency and npm install
  • npm audit fix --registry http://localhost:4873/

Expected behavior

found 0 vulnerabilities

Configuration File (cat ~/.config/verdaccio/config.yaml)

listen: 'http://localhost:4873'

max_body_size: 50mb
storage: ./storage
plugins: ./plugins

middlewares:
  audit:
    enabled: true

uplinks:
  npmjs:
    url: https://registry.npmjs.org/

packages:
  '**':
    access: $all
    publish: admin
    unpublish: admin
    proxy: npmjs

logs: { type: stdout, format: pretty, level: http }

Environment information

Environment Info:
  System:
    OS: macOS 11.4
    CPU: Intel
  Binaries:
    npm: 7.18.1
  npmGlobalPackages:
    verdaccio: 5.1.1

Debugging output

npm audit fix --ddd --registry http://localhost:4873/

npm verb cli [
  npm verb cli   '/.../.n/bin/node',
  npm verb cli   '/.../.n/bin/npm',
  npm verb cli   'audit',
  npm verb cli   'fix',
  npm verb cli   '--ddd',
  npm verb cli   '--registry',
  npm verb cli   'http://localhost:4873/'
  npm verb cli ]
npm info using npm@7.18.1
npm info using node@v14.17.1
npm timing npm:load:whichnode Completed in 1ms
npm timing config:load:defaults Completed in 2ms
npm timing config:load:file:..../npm/npmrc Completed in 1ms
npm timing config:load:builtin Completed in 1ms
npm timing config:load:cli Completed in 4ms
npm timing config:load:env Completed in 0ms
npm timing config:load:file:..../audit-test/.npmrc Completed in 1ms
npm timing config:load:project Completed in 2ms
npm timing config:load:file:..../.npmrc Completed in 2ms
npm timing config:load:user Completed in 2ms
npm timing config:load:global Completed in 0ms
npm timing config:load:validate Completed in 2ms
npm timing config:load:credentials Completed in 1ms
npm timing config:load:setEnvs Completed in 1ms
npm timing config:load Completed in 15ms
npm timing npm:load:configload Completed in 16ms
npm timing npm:load:setTitle Completed in 23ms
npm timing npm:load:setupLog Completed in 1ms
npm timing npm:load:cleanupLog Completed in 3ms
npm timing npm:load:configScope Completed in 0ms
npm timing npm:load:projectScope Completed in 1ms
npm timing npm:load Completed in 48ms
npm timing config:load:flatten Completed in 6ms
npm timing arborist:ctor Completed in 1ms
npm sill audit bulk request { lodash: [ '4.17.21' ] }
npm http fetch POST 404 http://localhost:4873/-/npm/v1/security/advisories/bulk 34ms
npm sill audit bulk request failed <!DOCTYPE html>
npm sill audit <html lang="en">
npm sill audit <head>
npm sill audit <meta charset="utf-8">
npm sill audit <title>Error</title>
npm sill audit </head>
npm sill audit <body>
npm sill audit <pre>Cannot POST /-/npm/v1/security/advisories/bulk</pre>
npm sill audit </body>
npm sill audit </html>
npm sill audit
npm http fetch POST 200 http://localhost:4873/-/npm/v1/security/audits/quick 1023ms
npm timing auditReport:getReport Completed in 1068ms
npm sill audit report {}
npm timing auditReport:init Completed in 0ms
npm timing audit Completed in 1126ms
npm timing idealTree:init Completed in 1ms
npm timing idealTree:userRequests Completed in 0ms
npm sill idealTree buildDeps
npm timing idealTree:#root Completed in 0ms
npm timing idealTree:buildDeps Completed in 0ms
npm timing idealTree:fixDepFlags Completed in 0ms
npm timing idealTree Completed in 3ms
npm timing arborist:ctor Completed in 0ms
npm timing reify:loadTrees Completed in 10ms
npm timing reify:diffTrees Completed in 1ms
npm sill reify moves {}
npm timing reify:retireShallow Completed in 0ms
npm timing reify:createSparse Completed in 0ms
npm timing reify:loadBundles Completed in 0ms
npm sill audit bulk request { lodash: [ '4.17.21' ] }
npm timing reify:unpack Completed in 0ms
npm timing reify:unretire Completed in 0ms
npm timing build:queue Completed in 0ms
npm timing build:deps Completed in 0ms
npm timing build Completed in 1ms
npm timing reify:build Completed in 1ms
npm timing reify:trash Completed in 0ms
npm timing reify:save Completed in 3ms
npm http fetch POST 404 http://localhost:4873/-/npm/v1/security/advisories/bulk 12ms
npm sill audit bulk request failed <!DOCTYPE html>
npm sill audit <html lang="en">
npm sill audit <head>
npm sill audit <meta charset="utf-8">
npm sill audit <title>Error</title>
npm sill audit </head>
npm sill audit <body>
npm sill audit <pre>Cannot POST /-/npm/v1/security/advisories/bulk</pre>
npm sill audit </body>
npm sill audit </html>
npm sill audit
npm http fetch POST 400 http://localhost:4873/-/npm/v1/security/audits/quick 338ms
npm verb audit error HttpErrorGeneral: 400 Bad Request - POST http://localhost:4873/-/npm/v1/security/audits/quick - Bad Request
npm verb audit error     at /.../.n/lib/node_modules/npm/node_modules/npm-registry-fetch/check-response.js:95:15
npm verb audit error     at processTicksAndRejections (internal/process/task_queues.js:95:5)
npm verb audit error     at async Map.[getReport] (/.../.n/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:318:21)
npm verb audit error     at async Map.run (/.../.n/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:105:19)
npm verb audit error     at async Arborist.reify (/.../.n/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js:139:5)
npm verb audit error     at async Audit.audit (/.../.n/lib/node_modules/npm/lib/audit.js:66:5)
npm verb audit error  HttpErrorGeneral: 400 Bad Request - POST http://localhost:4873/-/npm/v1/security/audits/quick - Bad Request
npm verb audit error     at /.../.n/lib/node_modules/npm/node_modules/npm-registry-fetch/check-response.js:95:15
npm verb audit error     at processTicksAndRejections (internal/process/task_queues.js:95:5)
npm verb audit error     at async Map.[getReport] (/.../.n/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:318:21)
npm verb audit error     at async Map.run (/.../.n/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:105:19)
npm verb audit error     at async Arborist.reify (/.../.n/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js:139:5)
npm verb audit error     at async Audit.audit (/.../.n/lib/node_modules/npm/lib/audit.js:66:5) {
npm verb audit error   headers: [Object: null prototype] {
npm verb audit error     'x-powered-by': [ 'verdaccio/5.1.1' ],
npm verb audit error     'access-control-allow-origin': [ '*' ],
npm verb audit error     date: [ 'Fri, 25 Jun 2021 17:04:21 GMT' ],
npm verb audit error     'content-type': [ 'application/json; charset=utf-8' ],
npm verb audit error     'content-length': [ '126' ],
npm verb audit error     connection: [ 'keep-alive' ],
npm verb audit error     'cf-ray': [ '664fc6461e6e6249-OTP' ],
npm verb audit error     'cache-control': [ 'no-cache' ],
npm verb audit error     vary: [ 'origin, Accept-Encoding' ],
npm verb audit error     'cf-cache-status': [ 'DYNAMIC' ],
npm verb audit error     'access-control-allow-credentials': [ 'true' ],
npm verb audit error     'access-control-expose-headers': [ 'Content-Type,Content-Length' ],
npm verb audit error     'cf-request-id': [ '0ae5ba3fce000062496' ],
npm verb audit error     'expect-ct': [
npm verb audit error       'max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"'
npm verb audit error     ],
npm verb audit error     server: [ 'cloudflare' ],
npm verb audit error     'x-fetch-attempts': [ '1' ]
npm verb audit error   },
npm verb audit error   statusCode: 400,
npm verb audit error   code: 'E400',
npm verb audit error   method: 'POST',
npm verb audit error   uri: 'http://localhost:4873/-/npm/v1/security/audits/quick',
npm verb audit error   body: {
npm verb audit error     statusCode: 400,
npm verb audit error     error: 'Bad Request',
npm verb audit error     message: 'Invalid package tree, run  npm install  to rebuild your package-lock.json'
npm verb audit error   },
npm verb audit error   pkgid: undefined
npm verb audit error }
npm sill audit error [object Object]
npm timing auditReport:getReport Completed in 358ms
npm sill audit report null
npm timing reify:audit Completed in 358ms
npm timing reify Completed in 373ms
npm WARN audit 400 Bad Request - POST http://localhost:4873/-/npm/v1/security/audits/quick - Bad Request
{
statusCode: 400,
error: 'Bad Request',
message: 'Invalid package tree, run  npm install  to rebuild your package-lock.json'
}
npm timing command:audit Completed in 1503ms
npm ERR! audit endpoint returned an error
npm verb exit 1
npm timing npm Completed in 2016ms
npm verb code 1

set DEBUG 'express: verdaccio request' & verdaccio --config ./config.yaml*

 warn --- http address - http://localhost:4873/ - verdaccio/5.1.1
  express:router dispatching POST /-/npm/v1/security/advisories/bulk +11s
  express:router query  : /-/npm/v1/security/advisories/bulk +0ms
  express:router expressInit  : /-/npm/v1/security/advisories/bulk +1ms
  express:router corsMiddleware  : /-/npm/v1/security/advisories/bulk +0ms
  express:router <anonymous>  : /-/npm/v1/security/advisories/bulk +1ms
 http --- 127.0.0.1 requested 'POST /-/npm/v1/security/advisories/bulk'
  express:router errorReportingMiddleware  : /-/npm/v1/security/advisories/bulk +2ms
  express:router <anonymous>  : /-/npm/v1/security/advisories/bulk +0ms
  express:router compression  : /-/npm/v1/security/advisories/bulk +1ms
  express:router trim prefix (/-/npm/v1/security) from url /-/npm/v1/security/advisories/bulk +0ms
  express:router router /-/npm/v1/security : /-/npm/v1/security/advisories/bulk +0ms
  express:router dispatching POST /advisories/bulk +0ms
  express:router router  : /-/npm/v1/security/advisories/bulk +1ms
  express:router dispatching POST /-/npm/v1/security/advisories/bulk +0ms
  express:router <anonymous>  : /-/npm/v1/security/advisories/bulk +0ms
  express:router jsonParser  : /-/npm/v1/security/advisories/bulk +0ms
  express:router <anonymous>  : /-/npm/v1/security/advisories/bulk +25ms
  express:router encodeScopePackage  : /-/npm/v1/security/advisories/bulk +0ms
  express:router router  : /-/npm/v1/security/advisories/bulk +1ms
  express:router dispatching POST /-/npm/v1/security/advisories/bulk +0ms
  express:router <anonymous>  : /-/npm/v1/security/advisories/bulk +0ms
  express:router setSecurityWebHeaders  : /-/npm/v1/security/advisories/bulk +1ms
  express:router <anonymous>  : /-/npm/v1/security/advisories/bulk +1ms
  express:router final  : /-/npm/v1/security/advisories/bulk +0ms
 http --- 404, user: null(127.0.0.1), req: 'POST /-/npm/v1/security/advisories/bulk', bytes: 42/173
  express:router dispatching POST /-/npm/v1/security/audits/quick +18ms
  express:router query  : /-/npm/v1/security/audits/quick +1ms
  express:router expressInit  : /-/npm/v1/security/audits/quick +0ms
  express:router corsMiddleware  : /-/npm/v1/security/audits/quick +0ms
  express:router <anonymous>  : /-/npm/v1/security/audits/quick +0ms
 http --- 127.0.0.1 requested 'POST /-/npm/v1/security/audits/quick'
  express:router errorReportingMiddleware  : /-/npm/v1/security/audits/quick +1ms
  express:router <anonymous>  : /-/npm/v1/security/audits/quick +0ms
  express:router compression  : /-/npm/v1/security/audits/quick +0ms
  express:router trim prefix (/-/npm/v1/security) from url /-/npm/v1/security/audits/quick +0ms
  express:router router /-/npm/v1/security : /-/npm/v1/security/audits/quick +1ms
  express:router dispatching POST /audits/quick +0ms
 http --- 200, user: null(127.0.0.1), req: 'POST /-/npm/v1/security/audits/quick', bytes: 259/145
  express:router dispatching POST /-/npm/v1/security/advisories/bulk +604ms
  express:router query  : /-/npm/v1/security/advisories/bulk +0ms
  express:router expressInit  : /-/npm/v1/security/advisories/bulk +0ms
  express:router corsMiddleware  : /-/npm/v1/security/advisories/bulk +0ms
  express:router <anonymous>  : /-/npm/v1/security/advisories/bulk +0ms
 http --- 127.0.0.1 requested 'POST /-/npm/v1/security/advisories/bulk'
  express:router errorReportingMiddleware  : /-/npm/v1/security/advisories/bulk +1ms
  express:router <anonymous>  : /-/npm/v1/security/advisories/bulk +1ms
  express:router compression  : /-/npm/v1/security/advisories/bulk +0ms
  express:router trim prefix (/-/npm/v1/security) from url /-/npm/v1/security/advisories/bulk +0ms
  express:router router /-/npm/v1/security : /-/npm/v1/security/advisories/bulk +0ms
  express:router dispatching POST /advisories/bulk +0ms
  express:router router  : /-/npm/v1/security/advisories/bulk +0ms
  express:router dispatching POST /-/npm/v1/security/advisories/bulk +1ms
  express:router <anonymous>  : /-/npm/v1/security/advisories/bulk +0ms
  express:router jsonParser  : /-/npm/v1/security/advisories/bulk +0ms
  express:router <anonymous>  : /-/npm/v1/security/advisories/bulk +1ms
  express:router encodeScopePackage  : /-/npm/v1/security/advisories/bulk +0ms
  express:router router  : /-/npm/v1/security/advisories/bulk +2ms
  express:router dispatching POST /-/npm/v1/security/advisories/bulk +0ms
  express:router <anonymous>  : /-/npm/v1/security/advisories/bulk +0ms
  express:router setSecurityWebHeaders  : /-/npm/v1/security/advisories/bulk +0ms
  express:router <anonymous>  : /-/npm/v1/security/advisories/bulk +0ms
  express:router final  : /-/npm/v1/security/advisories/bulk +0ms
 http --- 404, user: null(127.0.0.1), req: 'POST /-/npm/v1/security/advisories/bulk', bytes: 42/173
  express:router dispatching POST /-/npm/v1/security/audits/quick +8ms
  express:router query  : /-/npm/v1/security/audits/quick +0ms
  express:router expressInit  : /-/npm/v1/security/audits/quick +0ms
  express:router corsMiddleware  : /-/npm/v1/security/audits/quick +1ms
  express:router <anonymous>  : /-/npm/v1/security/audits/quick +0ms
 http --- 127.0.0.1 requested 'POST /-/npm/v1/security/audits/quick'
  express:router errorReportingMiddleware  : /-/npm/v1/security/audits/quick +0ms
  express:router <anonymous>  : /-/npm/v1/security/audits/quick +0ms
  express:router compression  : /-/npm/v1/security/audits/quick +0ms
  express:router trim prefix (/-/npm/v1/security) from url /-/npm/v1/security/audits/quick +0ms
  express:router router /-/npm/v1/security : /-/npm/v1/security/audits/quick +0ms
  express:router dispatching POST /audits/quick +1ms
 http --- 400, user: null(127.0.0.1), req: 'POST /-/npm/v1/security/audits/quick', bytes: 140/126

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Reactions: 1
  • Comments: 6 (4 by maintainers)
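
Added example (not part of the original issue, and not npm's or Verdaccio's own code): a Node.js check that a CI job could run over an `npm --ddd` log to fail closed when an audit round got no report from either endpoint, as happens in the second round of the debug output above. The function names are hypothetical, and the sample lines are copied from the issue's log.

```javascript
// Added example: classify the audit endpoint responses found in an `npm --ddd` log.
// Function names are hypothetical; SAMPLE_LOG lines are copied from the issue's debug output.
const AUDIT_FETCH =
  /^npm http fetch POST (\d{3}) \S*\/-\/npm\/v1\/security\/(advisories\/bulk|audits\/quick) /;

const SAMPLE_LOG = `
npm http fetch POST 404 http://localhost:4873/-/npm/v1/security/advisories/bulk 34ms
npm http fetch POST 200 http://localhost:4873/-/npm/v1/security/audits/quick 1023ms
npm http fetch POST 404 http://localhost:4873/-/npm/v1/security/advisories/bulk 12ms
npm http fetch POST 400 http://localhost:4873/-/npm/v1/security/audits/quick 338ms
`;

const is2xx = (s) => s !== null && s >= 200 && s < 300;

// One round = one advisories/bulk attempt plus the audits/quick fallback that follows it.
function auditRounds(logText) {
  const rounds = [];
  let current = null;
  for (const line of logText.split(/\r?\n/)) {
    const m = AUDIT_FETCH.exec(line.trim());
    if (!m) continue;
    const [status, endpoint] = [Number(m[1]), m[2]];
    // In the log above each round starts with the bulk request, so it opens a new round.
    if (endpoint === 'advisories/bulk' || current === null) {
      current = { bulk: null, quick: null, result: 'no-report' };
      rounds.push(current);
    }
    if (endpoint === 'advisories/bulk') current.bulk = status;
    else current.quick = status;
    current.result = is2xx(current.bulk) ? 'bulk-ok'
      : is2xx(current.quick) ? 'fallback-ok' : 'no-report';
  }
  return rounds;
}

// Fail closed: no audit traffic at all, or any round without a 2xx answer, is not a clean audit.
function auditCompleted(logText) {
  const rounds = auditRounds(logText);
  return rounds.length > 0 && rounds.every((r) => r.result !== 'no-report');
}

console.log(auditRounds(SAMPLE_LOG), auditCompleted(SAMPLE_LOG));
```
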

Top GitHub Comments

3 reactions
juanpicado commented, Sep 7, 2021

Should be fixed with v5.1.4

1 reaction
ppenelon-sfeir commented, Feb 28, 2022

Hello,
I fell here after having an “Invalid package tree, run npm install to rebuild your package-lock.json” error while running npm audit on npm@8.
This is not related to Verdaccio, but for anyone having the same problem, you can run the following to make it work.

rm package-lock.json
rm -rf node_modules
npm cache clean --force