hkelley
commented
5 years ago For ease of searching, here is the resulting error:
TASK [minemeld : nsp check] ****************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": true, "cmd": ["nsp", "check"], "delta": "0:00:00.618019", "end": "2018-12-22 19:06:38.485301", "msg": "non-zero return code", "rc": 1, "start": "2018-12-22 19:06:37.867282", "stderr": "(+) Error: Client request error: getaddrinfo ENOTFOUND api.nodesecurity.io api.nodesecurity.io:443", "stderr_lines": ["(+) Error: Client request error: getaddrinfo ENOTFOUND api.nodesecurity.io api.nodesecurity.io:443"], "stdout": "", "stdout_lines": []}
to retry, use: --limit @/home/minemeldsetup/minemeld-ansible/local.retryI followed the suggestion here and commented it out of the yml.
According to https://blog.npmjs.org/post/175511531085/the-node-security-platform-service-is-shutting, NSP will be shutting down September 30, 2018.
What we know:
Node Security Platform will be shutting down on September 30 NPM AUDIT, the replacement for NSP CHECK, is available in NPM v6.0 and higher The current stable Node.js distribution still ships with NPM v5.6 NPM AUDIT (as of v6.1 - current release) still relies heavily on Node Security Platform After investigating the NPM AUDIT API, it is safe to assume that:
Dependency-Check can safely migrate from using the NSP API to the NPM AUDIT API. The NPM AUDIT API provides nearly identical information about the advisories discovered from the package submitted. Vulnerability identification should continue to work as before For organizations that rely on stable Node.js distributions, using Dependency-Check for vulnerability identification will be the only alternative.