Version string lacks a numerical component #65

Open
timjrobinson opened this issue Dec 20, 2021 · 2 comments

timjrobinson commented Dec 20, 2021

I tried running it-depends on a few different nodejs packages and it didn't work on any of them. On a few it gave this error. Here's the output for two different projects I tried:

This is from https://github.com/timjrobinson/evolutionary-ai-battle:

> it-depends .                                                                                                 
Step 1/9 : FROM ubuntu:20.04

---> ba6acccedd29
Step 2/9 : RUN mkdir -p /workdir

---> Using cache
---> 9cf67c4f9f7a
Step 3/9 : RUN ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime

---> Using cache
---> 5968dac56aef
Step 4/9 : RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y --no-install-recommends strace npm

---> Using cache
---> 81711f2c7866
Step 5/9 : WORKDIR /workdir

---> Using cache
---> efd9480ba3ad
Step 6/9 : COPY install.sh .

---> Using cache
---> 5c8e0c3e6cd2
Step 7/9 : COPY run.sh .

---> Using cache
---> aab0afbbdc27
Step 8/9 : COPY baseline.sh .

---> Using cache
---> 33764ca8b29f
Step 9/9 : RUN chmod +x *.sh

---> Using cache
---> 166127b08bf8
Successfully built 166127b08bf8
Successfully tagged trailofbits/it-depends-npm:0.1.1
Version string lacks a numerical component: "pts: '^1.3.5',"

Another one from https://github.com/timjrobinson/ssb-server:

# Docker output is same as above
Version string lacks a numerical component: "ts': '^1.0.4',"

It's unclear where this is coming from; these packages are in my package.json/package-lock.json, but they are valid JSON files with normal semver versions.

@timjrobinson
Author

I also tried running on https://github.com/balancer-labs/frontend-v2 and it gave the following output:

Successfully tagged trailofbits/it-depends-npm:0.1.1
{
    "npm:@balancer-labs/frontend-v2": {
        "1.34.9": {
            "dependencies": {},
            "vulnerabilities": [],
            "source": "npm",
            "is_source_package": true
        }
    }
}

And that's it.

@hosseinsia

Same problem. Can you please check?
