RetireJS / retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
https://retirejs.github.io/retire.js/

Invalid jsrepository.json #423

Closed aurelien-baudin closed 8 months ago

aurelien-baudin commented 8 months ago

Hello,

I'm using dependency-check, which apparently uses the retire.js library. Since today, I have been getting an error during the dependency-check initialization:

16:57:39:104 [ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default-cli) on project common-api-rest: One or more exceptions occurred during dependency-check analysis: One or more exceptions occurred during analysis:
16:57:39:104 [ERROR]    InitializationException: Failed to initialize the RetireJS repo: `/var/folders/q1/wwts4tyj45v3_d2xm6hnmlmw0000gp/T/dctemp93144dfa-fcc2-4801-8703-8be47a9e84c7/jsrepository.json` appears to be malformed. Please delete the file or run the dependency-check purge command and re-try running dependency-check.
16:57:39:104 [ERROR]        caused by JSONException: No value for info

From what I understand, it looks like it comes from this commit

An info property is missing from the added JSON chunk.

eoftedal commented 8 months ago

The repo is still valid for retire.js, it's just that dependency check has expectations that are not fulfilled. I have fixed it though and added a test in the repository/validate script to check for missing info.

eoftedal commented 8 months ago

So in the future the info element should be present.