InfoSec812 / npm-audit-ci-wrapper

A wrapper for 'npm audit' which can be configurable for use in a CI/CD tool like Jenkins
Apache License 2.0

npm-audit-ci-wrapper not working with npm CLI version 7 #82

Closed beornling closed 3 years ago

beornling commented 3 years ago

Version 7 of the npm CLI changes the format of the audit JSON report, and this tool fails to parse the new format.

\node_modules\npm-audit-ci-wrapper\lib\parser.js:52
     const advisories = Object.entries(data.advisories);
                               ^
 TypeError: Cannot convert undefined or null to object
     at Function.entries (<anonymous>)

InfoSec812 commented 3 years ago

I would love it if you could submit a pull-request. Otherwise, it may be a week or so before I can get around to updating. Also, I would suggest having a look at AuditJS from Sonatype. I have been using that more and more over the past few months.

InfoSec812 commented 3 years ago

I highly recommend that you use Sonatype's auditjs as a replacement. I am just going to mark this project as deprecated.

joebowbeer commented 3 years ago

npm-audit-resolver also has this issue but it is being addressed: https://github.com/naugtur/npm-audit-resolver/issues/34
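
The parse failure reported at the top of this issue comes from reading `data.advisories`, which an npm 7 report does not contain. The block below is an added example, not code from npm-audit-ci-wrapper: a severity gate that accepts both the npm 6 shape (`advisories`, `module_name`) and the npm 7 shape (`auditReportVersion: 2`, `vulnerabilities`) and fails closed on anything else. The function names and the sample reports are hypothetical and constructed for illustration.

```javascript
// Added example: severity-threshold check that accepts both npm audit JSON shapes.
const LEVELS = ['info', 'low', 'moderate', 'high', 'critical'];

// Return [{ module, severity }] from either report format, or throw on an unknown shape.
function extractFindings(report) {
  if (report && report.advisories && typeof report.advisories === 'object') {
    // npm 6: advisories keyed by advisory id
    return Object.values(report.advisories).map((a) => ({
      module: a.module_name, severity: a.severity,
    }));
  }
  if (report && report.auditReportVersion === 2 && report.vulnerabilities) {
    // npm 7: vulnerabilities keyed by package name
    return Object.values(report.vulnerabilities).map((v) => ({
      module: v.name, severity: v.severity,
    }));
  }
  // Fail closed: an unparseable report must not be treated as "no findings".
  throw new Error('Unrecognized npm audit report format');
}

// True when any finding is at or above the threshold (the CI build should fail).
function exceedsThreshold(report, threshold) {
  const min = LEVELS.indexOf(threshold);
  if (min < 0) throw new Error(`Unknown severity: ${threshold}`);
  return extractFindings(report).some((f) => {
    const rank = LEVELS.indexOf(f.severity);
    // A severity label this code does not know is treated as failing.
    return rank < 0 || rank >= min;
  });
}

// Constructed sample reports, trimmed to the fields used above.
const npm6Report = {
  advisories: { 1001: { module_name: 'example-lib', severity: 'high' } },
  metadata: { vulnerabilities: { high: 1 } },
};
const npm7Report = {
  auditReportVersion: 2,
  vulnerabilities: { 'example-lib': { name: 'example-lib', severity: 'moderate' } },
  metadata: { vulnerabilities: { moderate: 1 } },
};
```

Throwing on an unrecognized report is the important part for CI use: a gate that swallows the parse error would pass builds whose audit output it could not read.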