InfoSec812 / npm-audit-ci-wrapper

A wrapper for 'npm audit' which can be configured for use in a CI/CD tool like Jenkins
Apache License 2.0

npm version check doesn't work correctly #36

Closed BRKurek closed 4 years ago

BRKurek commented 5 years ago

The npm version check run in bin/index.js doesn't work as intended. For example, using node 8.0.0 and npm 5.0.0 I get the following output instead of the expected error message:

undefined:2
Usage: npm <command>
^

SyntaxError: Unexpected token U in JSON at position 1
    at JSON.parse (<anonymous>)
    at parse_audit_results (/Users/briankurek/repos/npm-audit-ci-wrapper/lib/parser.js:33:21)
    at exec (/Users/briankurek/repos/npm-audit-ci-wrapper/bin/index.js:44:36)
    at ChildProcess.exithandler (child_process.js:259:5)
    at emitTwo (events.js:125:13)
    at ChildProcess.emit (events.js:213:7)
    at maybeClose (internal/child_process.js:887:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:208:5)

The root cause of the problem is that check_npm_version() returns a promise (because it's an async function), and the index script doesn't get the promise's resolved value; it just uses the promise directly (so the npm version check always passes).
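
The failure mode described in this issue, as an added example that is not part of the original thread or the project's code: an async check used as a plain boolean makes the gate fail open, while awaiting it (and treating errors as a failed check) makes it fail closed. The `getVersion` callback, `gateBuggy`, `gateFixed`, the helper names and the `6.0.0` threshold are assumptions made for the illustration.

```javascript
// Assumed minimum version for this illustration; not taken from the project.
const MIN_NPM = [6, 0, 0];

// Parse "6.14.8\n" into [6, 14, 8]; throw on anything that is not a version.
function parseVersion(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(text).trim());
  if (!m) throw new Error('unrecognised npm version output');
  return m.slice(1, 4).map(Number);
}

// True when v >= min, comparing major, minor, patch in order.
function atLeast(v, min) {
  for (let i = 0; i < 3; i++) {
    if (v[i] !== min[i]) return v[i] > min[i];
  }
  return true;
}

// Stand-in for the async check: getVersion is a hypothetical callback that
// resolves to the text `npm --version` would print.
async function check_npm_version(getVersion) {
  return atLeast(parseVersion(await getVersion()), MIN_NPM);
}

// Bug pattern from the issue: the Promise object itself is tested. A Promise
// is always truthy, so the audit step runs whatever version is installed.
function gateBuggy(getVersion) {
  const ok = check_npm_version(getVersion); // Promise, not a boolean
  return ok ? 'run-audit' : 'abort';
}

// Corrected pattern: await the result, and treat a rejected check
// (for example unparseable version output) as a failed check.
async function gateFixed(getVersion) {
  let ok = false;
  try {
    ok = await check_npm_version(getVersion);
  } catch (err) {
    ok = false; // fail closed
  }
  return ok === true ? 'run-audit' : 'abort';
}

// Constructed sample input: an npm that is too old for the assumed minimum.
const oldNpm = () => Promise.resolve('5.0.0\n');
console.log('buggy gate:', gateBuggy(oldNpm));           // run-audit
gateFixed(oldNpm).then((r) => console.log('fixed gate:', r)); // abort
```
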

InfoSec812 commented 4 years ago

@BRKurek I believe this has been resolved a long time ago. Can you confirm?