Refactor npm audit producer #55
Assignees
Labels
priority: need
Something that needs to be done.
type: fix
Iterations on existing features or infrastructure.
Comments
ptzianos
added
priority: need
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue
When the npm audit producer was written, advisories would be hosted by NPM itself. The reports produced by the
npm auditcommand would include links that would point to an NPM page with the advisory. However, that is no longer the case. The reports now include links that point to Github hosted advisories and the Github API is quite different than the NPM one. The NPM links can still be used, but they will immediately redirect to the Github Advisory page. Furthermore, the response generated by NPM to a request for the JSON document of the advisory isn't, some 301 response, but instead it's a 200 page with the textRedirectingin the body, a header saying that the response is JSON and the location header set to the Github advisory page. The npm audit producer needs to be refactored to be able to fetch the Github Advisories.Expected behaviour
The npm audit report should be parsed correctly and advisories should be fetched without issues from Github
Actual behaviour
Advisory fetching fails
Steps to reproduce
Run the producer for any report
The text was updated successfully, but these errors were encountered: