InfoSec812 / npm-audit-ci-wrapper

A wrapper for 'npm audit' which can be configurable for use in a CI/CD tool like Jenkins
Apache License 2.0

TypeError: Cannot convert undefined or null to object #57

Closed ghost closed 4 years ago

ghost commented 4 years ago

Running

    npx npm-audit-ci-wrapper --threshold=high --registry=https://registry.npmjs.org/

on our packages sometimes fails with:

    ~/.npm/_npx/29606/lib/node_modules/npm-audit-ci-wrapper/lib/parser.js:43
    const advisories = Object.entries(data.advisories);
                              ^

    TypeError: Cannot convert undefined or null to object
        at Function.entries (<anonymous>)
        at parse_audit_results (~/.npm/_npx/29606/lib/node_modules/npm-audit-ci-wrapper/lib/parser.js:43:31)
        at ChildProcess.<anonymous> (~/.npm/_npx/29606/lib/node_modules/npm-audit-ci-wrapper/bin/index.js:81:35)
        at ChildProcess.emit (events.js:310:20)
        at maybeClose (internal/child_process.js:1021:16)
        at Socket.<anonymous> (internal/child_process.js:443:11)
        at Socket.emit (events.js:310:20)
        at Pipe.<anonymous> (net.js:672:12)

InfoSec812 commented 4 years ago

@OttoEdler Could you provide me with a package.json which I could use to test against?

ghost commented 4 years ago

I dug a little further since it doesn't seem to be related to a specific package.json. It seems to be related to network issues, since when the issue occurs data is:

    { error: { summary: 'network timeout at: https://registry.npmjs.org/-/npm/v1/security/audits', detail: '' } }

The network issues seem to be related to some volatile build workers in the cloud and this is definitely beyond the scope of this package. However, it would be great if you could implement some error handling inside the parser and output the error summary text instead of the trace, so our dev guys know what is going on.

InfoSec812 commented 4 years ago

@OttoEdler Thanks for the detailed reply... I will see if I can replicate and add an error trap for the same.

ghost commented 4 years ago

Thanks for looking into it. A quick way to replicate the error locally is to just disconnect the network during the audit lookup. I just started the command and then immediately pulled the ethernet plug.

InfoSec812 commented 4 years ago

@OttoEdler Could you have a look at the PR linked above?

ghost commented 4 years ago

Awesome, based on the exit code I could even implement automatic retries on the build system:

    npx npm-audit-ci-wrapper --threshold=high --registry=https://registry.npmjs.org/ || echo $?
    undefined: network timeout at: https://registry.npmjs.org/-/npm/v1/security/audits
    12

Thank you very much!

InfoSec812 commented 4 years ago

@OttoEdler Excellent! Thanks for the confirmation! I will merge it and tag it and it should end up in NPM in a short while.
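
The error trap requested in this thread, sketched as an added example (not the project's code and not the linked PR): it checks for the `error` object before touching `advisories` and returns a dedicated exit code, so a build can retry on registry failures without ever treating a failed audit as a clean one. The function name and exit codes 0 and 1 are assumptions; 12 is the code shown in the thread's output, and the `advisories`/`severity` fields follow the npm 6 audit JSON.

```javascript
// Added example; evaluateAudit and exit codes 0/1 are hypothetical, 12 is the code seen in the thread.
const RANK = new Map([['info', 0], ['low', 1], ['moderate', 2], ['high', 3], ['critical', 4]]);
const EXIT = { OK: 0, VULNERABLE: 1, AUDIT_FAILED: 12 };

// Turn raw `npm audit --json` output (npm 6 shape) into an exit code and a one-line message.
function evaluateAudit(rawJson, threshold) {
  if (!RANK.has(threshold)) throw new Error(`unknown threshold: ${threshold}`);
  let data;
  try {
    data = JSON.parse(rawJson);
  } catch (err) {
    return { exitCode: EXIT.AUDIT_FAILED, message: `unparseable audit output: ${err.message}` };
  }
  // Registry or network failure: npm reports { error: { summary, detail } } and no advisories.
  if (data && data.error) {
    return { exitCode: EXIT.AUDIT_FAILED, message: data.error.summary || 'unknown audit error' };
  }
  // Output without an advisories object means "audit did not run", never "no findings".
  if (!data || typeof data.advisories !== 'object' || data.advisories === null) {
    return { exitCode: EXIT.AUDIT_FAILED, message: 'audit output has no advisories object' };
  }
  const hits = Object.values(data.advisories).filter((adv) => {
    // An advisory with a missing or unrecognised severity counts as a hit (fail closed).
    const rank = adv && RANK.has(adv.severity) ? RANK.get(adv.severity) : Infinity;
    return rank >= RANK.get(threshold);
  });
  return hits.length > 0
    ? { exitCode: EXIT.VULNERABLE, message: `${hits.length} advisories at or above ${threshold}` }
    : { exitCode: EXIT.OK, message: `no advisories at or above ${threshold}` };
}

// Payload quoted in the thread for the timeout case.
const TIMEOUT_SAMPLE = JSON.stringify({
  error: { summary: 'network timeout at: https://registry.npmjs.org/-/npm/v1/security/audits', detail: '' },
});
// Constructed sample: one advisory for a made-up package.
const FINDING_SAMPLE = JSON.stringify({
  advisories: { 1: { module_name: 'example-pkg', severity: 'high' } },
});

for (const [name, raw] of [['timeout', TIMEOUT_SAMPLE], ['finding', FINDING_SAMPLE]]) {
  const { exitCode, message } = evaluateAudit(raw, 'high');
  console.log(`${name}: exit ${exitCode} (${message})`);
}
```

A CI job using this split should retry only on the audit-failed code and still fail the build if the retries run out.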