Invalid payload submitted to Node Audit API with @isaacs/cliui #5714

Closed
twwd opened this issue May 15, 2023 · 3 comments

twwd commented May 15, 2023

Describe the bug
When using an npm project that has @isaacs/cliui as a transitive dependency (e.g. Angular), the node audit analyzer fails with "Could not perform Node Audit analysis. Invalid payload submitted to Node Audit API.". The debug log only states "Invalid payload submitted to Node Audit API. Received response code: 400 Bad Request" but neither the actual request content nor the response.

This issue might correlate with the use of aliases:

WARN  - dependency skipped: package.json contain an alias for string-width-cjs => string-width@4.2.3 npm audit doesn't support aliases
2023-05-15 16:46:37,892 org.owasp.dependencycheck.analyzer.NodePackageAnalyzer:292
WARN  - dependency skipped: package.json contain an alias for strip-ansi-cjs => strip-ansi@6.0.1 npm audit doesn't support aliases
2023-05-15 16:46:37,892 org.owasp.dependencycheck.analyzer.NodePackageAnalyzer:292
WARN  - dependency skipped: package.json contain an alias for wrap-ansi-cjs => wrap-ansi@7.0.0 npm audit doesn't support aliases

Version of dependency-check used
8.2.1 CLI

Log file
https://github.com/twwd/dependency-check-npm-audit-error/blob/main/dependency-check.log

To Reproduce

  1. Run Dependency Check CLI within this repo:
  • ./dependency-check-8.2.1/bin/dependency-check.sh --disableRetireJS --disableYarnAudit --disableAssembly --disableBundleAudit --disablePnpmAudit --format JSON --format HTML --scan . -l dependency-check.log

Expected behavior
Dependency Check successfully performs its vulnerability searches.

@twwd twwd added the bug label May 15, 2023
@tomkuipers

Can confirm, I'm seeing the same behavior (using dependency-check version 8.2.1)
org.owasp.dependencycheck.exception.ExceptionCollection: One or more exceptions occurred during analysis: SearchException: Could not perform Node Audit analysis. Invalid payload submitted to Node Audit API.

[WARNING] dependency skipped: package.json contain an alias for string-width-cjs => string-width@4.2.3 npm audit doesn't support aliases
[WARNING] dependency skipped: package.json contain an alias for strip-ansi-cjs => strip-ansi@6.0.1 npm audit doesn't support aliases
[WARNING] dependency skipped: package.json contain an alias for wrap-ansi-cjs => wrap-ansi@7.0.0 npm audit doesn't support aliases
[ERROR] NodeAuditAnalyzer failed on /builds/canvas/canvas-custom-js/package-lock.json
[WARNING] An error occurred while analyzing '/xxx/xxx/xxx/package-lock.json' (Node Audit Analyzer).

kybercryst4l commented Jun 2, 2023

May be solved in #5703

twwd commented Jun 27, 2023

The error no longer occurs for me with 8.3.1.

@twwd twwd closed this as completed Jun 27, 2023
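
The "dependency skipped ... alias" warnings quoted in this thread name packages that the Node Audit analyzer leaves out. As an added example (not dependency-check's code and not posted by any participant), this lists the npm aliases recorded in a lockfileVersion 2/3 package-lock.json so they can be reviewed separately; `findAliases`, `DEP_FIELDS` and the sample lockfile are hypothetical and constructed for illustration.

```javascript
// Constructed sample in the lockfileVersion 2/3 layout (not the issue's real lockfile).
// The cliui version and "npm:" ranges are placeholders; resolved versions follow the warnings.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", dependencies: { "@isaacs/cliui": "0.0.0-example" } },
    "node_modules/@isaacs/cliui": {
      version: "0.0.0-example",
      dependencies: {
        "string-width-cjs": "npm:string-width@^4.2.0",
        "strip-ansi-cjs": "npm:strip-ansi@^6.0.1",
        "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0",
      },
    },
    "node_modules/string-width-cjs": { name: "string-width", version: "4.2.3" },
    "node_modules/strip-ansi-cjs": { name: "strip-ansi", version: "6.0.1" },
    "node_modules/wrap-ansi-cjs": { name: "wrap-ansi", version: "7.0.0" },
    "node_modules/ansi-regex": { version: "5.0.1" }, // ordinary install, not an alias
  },
};
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];
// Hypothetical helper: returns [{ alias, target, declaredBy }] for every aliased install.
function findAliases(lock) {
  const packages = lock.packages || {}; // lockfileVersion 1 has no "packages" map
  const declaredBy = {}; // alias name -> lockfile paths whose manifest uses an "npm:" spec
  for (const [path, entry] of Object.entries(packages)) {
    for (const field of DEP_FIELDS) {
      for (const [name, spec] of Object.entries(entry[field] || {})) {
        if (typeof spec === "string" && spec.startsWith("npm:")) {
          (declaredBy[name] = declaredBy[name] || []).push(path || "<root>");
        }
      }
    }
  }
  const aliases = [];
  for (const [path, entry] of Object.entries(packages)) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project or workspace folder, never an alias
    const folder = path.slice(idx + "node_modules/".length);
    // npm records "name" only when the package name differs from the install folder.
    if (entry.name && entry.name !== folder) {
      aliases.push({ alias: folder, target: `${entry.name}@${entry.version}`, declaredBy: declaredBy[folder] || [] });
    }
  }
  return aliases;
}
findAliases(sampleLock).forEach((a) => console.log(`${a.alias} => ${a.target} (declared by ${a.declaredBy.join(", ") || "unknown"})`));
```

To run it on a real project, pass the parsed contents of its package-lock.json to `findAliases`.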