fix: only scan root vulns when name&version exist

sandworm-hq · Sep 15, 2023 · 6d89eee · 6d89eee
1 parent 41d96e5
commit 6d89eee
Showing 1 changed file with 11 additions and 17 deletions.
diff --git a/src/index.js b/src/index.js
@@ -85,23 +85,17 @@ const getReport = async ({
     errors.push(error);
   }
 
-  if (includeRootVulnerabilities) {
-    if (!packageGraph.name || !packageGraph.version) {
-      errors.push(
-        new Error('Cannot scan root vulnerabilities: root package name and version are required.'),
-      );
-    } else {
-      try {
-        rootVulnerabilities = await getRegistryAudit({
-          packageManager: packageGraph.meta.packageManager,
-          packageName: packageGraph.name,
-          packageVersion: packageGraph.version,
-          packageGraph,
-          includeDev,
-        });
-      } catch (error) {
-        errors.push(error);
-      }
+  if (includeRootVulnerabilities && packageGraph.name && packageGraph.version) {
+    try {
+      rootVulnerabilities = await getRegistryAudit({
+        packageManager: packageGraph.meta.packageManager,
+        packageName: packageGraph.name,
+        packageVersion: packageGraph.version,
+        packageGraph,
+        includeDev,
+      });
+    } catch (error) {
+      errors.push(error);
     }
   }
   onProgress({type: 'end', stage: 'vulnerabilities'});