Check against undefined versions array from registry. #7
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What Changed
Checking to make sure that packument has a parameter called version. This has been updated during load and [_testVersion]
Why Change This
A recent change at npmjs' registry now gives unpublished repositories a registry entry and returns 200. However these entries do not have any version arrays, which causes issues with the metavuln-calculator. If you were to use private packages through git, the package name gets matched up to unpublished repositories on npmjs' registry and breaks
It's possible that this is simply a bug on npmjs' side and this will be fixed in a future update, but this patch for now has allowed me to continue working as normal. I could also be missing something in my custom dependency that is confusing npm, so if there's any way to not need this patch, I'm all ears. I'll do my best to monitor this PR.
Reproduction Steps
package-name
will be used in this reproduction stepsTodo
References
N/A