IBM / audit-ci

Audit NPM, Yarn, PNPM, and Bun dependencies in continuous integration environments, preventing integration if vulnerabilities are found at or above a configurable threshold while ignoring allowlisted advisories
Apache License 2.0

Handle errors from Yarn Berry more gracefully #301

Closed sargunv closed 1 year ago

sargunv commented 1 year ago

Currently, if yarn npm audit has some error (other than detected vulns), audit-ci will fail with an error like this:

Uncaught Error: Invalid JSON (Unexpected "I" at position 0 in state STOP)

Instead, audit-ci's thrown error message should probably include some info about the error Yarn reported.

I ran into this in #298, and also when trying to bump the tested Yarn version in PR #300 (CI link here)

quinnturner commented 1 year ago

I am pretty sure this is the case for all package managers. Since every package manager implementation attempts to JSON.parse, we can probably use consistent behaviour.

Perhaps we just wrap all JSON.parse for all package managers in a try/catch and rethrow the error to include the response itself?
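One way the wrap-and-rethrow idea could look, as an added example that is not audit-ci's own code: `parseAuditOutput`, `AuditOutputError` and the `MAX_EXCERPT` limit are hypothetical names, and the non-JSON sample output is constructed to mimic a package manager printing an error message instead of a report.

```javascript
// Added example (not from the audit-ci code base): wrap JSON.parse so that a
// parse failure reports what the package manager actually printed, instead of
// a bare "Invalid JSON (Unexpected "I" at position 0 ...)" message.

// Hypothetical cap on how much raw output is echoed into the error message,
// so a huge or sensitive stdout does not get dumped wholesale into CI logs.
const MAX_EXCERPT = 512;

class AuditOutputError extends Error {
  constructor(packageManager, rawOutput, cause) {
    const excerpt = rawOutput.length > MAX_EXCERPT
      ? rawOutput.slice(0, MAX_EXCERPT) + "... [truncated]"
      : rawOutput;
    super(
      `Unable to parse ${packageManager} audit output as JSON ` +
        `(${cause.message}). The package manager reported:\n${excerpt}`
    );
    this.name = "AuditOutputError";
    this.packageManager = packageManager;
    this.rawOutput = rawOutput;
    this.cause = cause; // keep the original SyntaxError for callers that want it
  }
}

// Parse the JSON an `<pm> audit --json` invocation produced; on failure,
// rethrow with the raw response attached so the real cause is visible.
function parseAuditOutput(packageManager, rawOutput) {
  try {
    return JSON.parse(rawOutput);
  } catch (err) {
    throw new AuditOutputError(packageManager, rawOutput, err);
  }
}

// Constructed sample inputs: a minimal valid report and a non-JSON error line.
const GOOD_OUTPUT = JSON.stringify({ advisories: {} });
const BAD_OUTPUT = "Internal Error: registry request failed (constructed sample)";

// Small demo of both paths; returns the message a CI user would now see.
function demo() {
  parseAuditOutput("yarn", GOOD_OUTPUT);
  try {
    parseAuditOutput("yarn", BAD_OUTPUT);
  } catch (err) {
    return err.message;
  }
  return null;
}
```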

quinnturner commented 1 year ago

Closed with #306, released in v6.6.1