Cannot JSON.parse response - goes over Node heap size

[dubbha]

Two recent high level advisories - mixin-deep and set-value blocked my CI even though I am running audit-ci --critical. The issue being that it fail on memory while trying to parse a huge JSON output containing each and every path where these two are dependencies, basically reaching a default Node heap size of ~1.4M.

Output starting with:

�[32;1m$ yarn run audit�[0;m
yarn run v1.13.0
$ audit-ci --critical
�[36mYarn audit report summary:�[0m
�[31mERROR: Cannot JSON.parse response:�[0m
{"type":"auditAdvisory","data":{"resolution":{"id":1012,"path":"jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>jest-util>@jest/fake-timers>jest-message-util>micromatch>extglob>snapdragon>base>cache-base>set-value","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.0.0","paths":["awesome-typescript-loader>micromatch>braces>snapdragon>base>cache-base>set-value","awesome-typescript-loader>micromatch>extglob>expand-brackets>snapdragon>base>cache-base>set-value","awesome-typescript-loader>micromatch>
...

...and ending with:

�[31mERROR: Cannot JSON.parse response:�[0m
<--- Last few GCs --->
�[31mERROR: Cannot JSON.parse response:�[0m
[19713:0x40f5e30]    10373 ms: Mark-sweep 1396.4 (1439.9) -> 1396.4 (1439.9) MB, 100.2 / 0.0 ms  (+ 27.5 ms in 2 steps since start of marking, biggest step 21.4 ms, walltime since start of marking 128 ms) (average mu = 0.116, current mu = 0.003) allocatio[19713:0x40f5e30]    10498 ms: Mark-sweep 1396.4 (1439.9) -> 1396.4 (1439.9) MB, 125.5 / 0.0 ms  (average mu = 0.065, current mu = 0.001) allocation failure scavenge might not succeed
�[31mUnexpected end of JSON input�[0m
�[31mExiting...�[0m
�[31mERROR: Cannot JSON.parse response:�[0m
<--- JS stacktrace --->
�[31mERROR: Cannot JSON.parse response:�[0m
Cannot get stack trace in GC.
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
�[31;1mERROR: Job failed: exit status 1
�[0;m

[ticklemynausea]

This issue is also crippling our builds:

❯ yarn audit-ci -m
yarn run v1.15.2
$ /Users/mario/Projects/Fractal/fangtooth/node_modules/.bin/audit-ci -m
Yarn audit report results:
ERROR: Cannot JSON.parse response:
{"type":"auditAdvisory","data":{"resolution":{"id":1012,"path":"jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/fake-timers>jest-message-util>micromatch>braces>snapdragon>base>cache-base>set-value","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"2.0.0","paths":["jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/fake-timers>jest-message-util>micromatch>braces>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/fake-timers>jest-message-util>micromatch>extglob>expand-brackets>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/fake-timers>jest-message-util>micromatch>extglob>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/fake-timers>jest-message-util>micromatch>nanomatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/fake-timers>jest-message-util>micromatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>anymatch>micromatch>braces>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>anymatch>micromatch>extglob>expand-brackets>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>anymatch>micromatch>extglob>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>anymatch>micromatch>nanomatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>anymatch>micromatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>jest-util>@jest/fake-timers>jest-message-util>micromatch>braces>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>jest-util>@jest/fake-timers>jest-message-util>micromatch>extglob>expand-brackets>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>jest-util>@jest/fake-timers>jest-message-util>micromatch>extglob>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>jest-util>@jest/fake-timers>jest-message-util>micromatch>nanomatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>jest-util>@jest/fake-timers>jest-message-util>micromatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>micromatch>braces>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>micromatch>extglob>expand-brackets>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>micromatch>extglob>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>micromatch>nanomatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>micromatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>sane>anymatch>micromatch>braces>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>sane>anymatch>micromatch>extglob>expand-brackets>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>sane>anymatch>micromatch>extglob>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>sane>anymatch>micromatch>nanomatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>sane>anymatch>micromatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>sane>micromatch>braces>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>sane>micromatch>extglob>expand-brackets>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>sane>micromatch>extglob>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>sane>micromatch>nanomatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-haste-map>sane>micromatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-util>@jest/fake-timers>jest-message-util>micromatch>braces>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-util>@jest/fake-timers>jest-message-util>micromatch>extglob>expand-brackets>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-util>@jest/fake-timers>jest-message-util>micromatch>extglob>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-util>@jest/fake-timers>jest-message-util>micromatch>nanomatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>jest-util>@jest/fake-timers>jest-message-util>micromatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>micromatch>braces>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>micromatch>extglob>expand-brackets>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>micromatch>extglob>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>micromatch>nanomatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/environment>@jest/transform>micromatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>anymatch>micromatch>braces>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>anymatch>micromatch>extglob>expand-brackets>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>anymatch>micromatch>extglob>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>anymatch>micromatch>nanomatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>anymatch>micromatch>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>jest-util>@jest/fake-timers>jest-message-util>micromatch>braces>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>jest-util>@jest/fake-timers>jest-message-util>micromatch>extglob>expand-brackets>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>jest-util>@jest/fake-timers>jest-message-util>micromatch>extglob>snapdragon>base>cache-base>set-value","jest>jest-cli>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>jest-util>@jest/fake-timers>jest-message-util>micromatch>nanomatch>snapdragon>base>cache-bas
ERROR: Cannot JSON.parse response:
<--- Last few GCs --->
ERROR: Cannot JSON.parse response:
ze[73584:0x103800000]    10000 ms: Mark-sweep 1389.0 (1436.8) -> 1389.0 (1438.3) MB, 63.1 / 0.0 ms  (+ 16.7 ms in 5 steps since start of marking, biggest step 16.1 ms, walltime since start of marking 81 ms) (average mu = 0.183, current mu = 0.086) finalize [73584:0x103800000]    10077 ms: Mark-sweep 1390.5 (1438.3) -> 1390.4 (1436.3) MB, 56.8 / 0.0 ms  (+ 14.3 ms in 5 steps since start of marking, biggest step 12.9 ms, walltime since start of marking 72 ms) (average mu = 0.142, current mu = 0.093) finalize
ERROR: Cannot JSON.parse response:
<--- JS stacktrace --->
ERROR: Cannot JSON.parse response:
==== JS stack trace =========================================
ERROR: Cannot JSON.parse response:
Security context: 0x3cab1a49e6e9 <JSObject>
ERROR: Cannot JSON.parse response:
    0: builtin exit frame: stringify(this=0x3cab882839c1 <Object map = 0x3cabb60fe641>,0x3cabcee026f1 <undefined>,0x3cabcee026f1 <undefined>,0x3cabff307c79 <Object map = 0x3cabf7b32771>,0x3cab882839c1 <Object map = 0x3cabb60fe641>)
ERROR: Cannot JSON.parse response:
    1: arguments adaptor frame: 1->3
ERROR: Cannot JSON.parse response:
    2: stringify [0x3cab196b9ee9] [/usr/local/Cellar/yarn/1.15.2/libexec/lib/cli.js:~103993] [pc=0x1119c8e59e5c](this=0x3cabc3f9...
Unexpected end of JSON input
Exiting...
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

[dw2]

We're also getting failing builds due to the truncated JSON response.

[saulf]

Might be the real issue: jestjs/jest#8682

Npm audit failing for jest 24.8.0 with severity high on 26k+ dependencies

[quinnturner]

Fixed with release #100, v2.2.0 is released.