Describe the bug
When using an npm project that has @isaacs/cliui as a transitive dependency (e.g. Angular), the node audit analyzer fails with "Could not perform Node Audit analysis. Invalid payload submitted to Node Audit API.". The debug log only states "Invalid payload submitted to Node Audit API. Received response code: 400 Bad Request" but neither the actual request content nor the response.
This issue might correlate with the use of aliases:
WARN - dependency skipped: package.json contain an alias for string-width-cjs => string-width@4.2.3 npm audit doesn't support aliases
2023-05-15 16:46:37,892 org.owasp.dependencycheck.analyzer.NodePackageAnalyzer:292
WARN - dependency skipped: package.json contain an alias for strip-ansi-cjs => strip-ansi@6.0.1 npm audit doesn't support aliases
2023-05-15 16:46:37,892 org.owasp.dependencycheck.analyzer.NodePackageAnalyzer:292
WARN - dependency skipped: package.json contain an alias for wrap-ansi-cjs => wrap-ansi@7.0.0 npm audit doesn't support aliases
Can confirm, I'm seeing the same behavior (using dependency-check version 8.2.1)
org.owasp.dependencycheck.exception.ExceptionCollection: One or more exceptions occurred during analysis:
SearchException: Could not perform Node Audit analysis. Invalid payload submitted to Node Audit API.
[WARNING] dependency skipped: package.json contain an alias for string-width-cjs => string-width@4.2.3 npm audit doesn't support aliases
[WARNING] dependency skipped: package.json contain an alias for strip-ansi-cjs => strip-ansi@6.0.1 npm audit doesn't support aliases
[WARNING] dependency skipped: package.json contain an alias for wrap-ansi-cjs => wrap-ansi@7.0.0 npm audit doesn't support aliases
[ERROR] NodeAuditAnalyzer failed on /builds/canvas/canvas-custom-js/package-lock.json
[WARNING] An error occurred while analyzing '/xxx/xxx/xxx/package-lock.json' (Node Audit Analyzer).
Version of dependency-check used
8.2.1 CLI
Log file
https://github.com/twwd/dependency-check-npm-audit-error/blob/main/dependency-check.log
To Reproduce
./dependency-check-8.2.1/bin/dependency-check.sh --disableRetireJS --disableYarnAudit --disableAssembly --disableBundleAudit --disablePnpmAudit --format JSON --format HTML --scan . -l dependency-check.log
Expected behavior
Dependency Check successfully performs its vulnerability searches.
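Added example, not part of the original issue and not dependency-check's own code: a way to list which entries in a package-lock.json are npm aliases, so they can be matched against the "dependency skipped" warnings above and reviewed separately. The lockfile layouts it relies on are stated as assumptions in the comments; `findAliases`, `sampleLock` and the `0.0.0-sample` version are names and values made up for this example.

```javascript
// Added example: list npm alias entries in a parsed package-lock.json.
// Assumption: lockfileVersion 2/3 records an alias under "packages" with a
// "name" that differs from the install folder; lockfileVersion 1 records it
// under "dependencies" with a version of the form "npm:<name>@<version>".
function findAliases(lock) {
  const found = [];

  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const marker = path.lastIndexOf("node_modules/");
    if (marker === -1 || entry.link) continue; // root, workspace or symlink
    const installedAs = path.slice(marker + "node_modules/".length);
    if (entry.name && entry.name !== installedAs) {
      found.push({ alias: installedAs, name: entry.name, version: entry.version, path });
    }
  }
  if (lock.packages) return found;

  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [alias, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${alias}`;
      const m = /^npm:(.+)@([^@]+)$/.exec(entry.version || "");
      if (m) found.push({ alias, name: m[1], version: m[2], path });
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return found;
}

// Constructed sample, shaped like the entries named in the warnings above.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@isaacs/cliui": { version: "0.0.0-sample" },
    "node_modules/string-width": { version: "4.2.3" },
    "node_modules/string-width-cjs": { name: "string-width", version: "4.2.3" },
    "node_modules/strip-ansi-cjs": { name: "strip-ansi", version: "6.0.1" },
    "node_modules/wrap-ansi-cjs": { name: "wrap-ansi", version: "7.0.0" },
  },
};

for (const a of findAliases(sampleLock)) {
  console.log(`${a.alias} => ${a.name}@${a.version} (${a.path})`);
}
```

For a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` to `findAliases` instead of `sampleLock`.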