Closed NiteshOswal closed 4 years ago
facing the same issue
https://registry.npmjs.org/https-proxy-agent-snyk-fork Someone found the opportunity and grabbed it by its balls.
it says:
UNMET DEPENDENCY proxy-agent@file:../../../../travis/build/snyk/snyk/proxy-agent-3.1.0.tgz
and it leads to
https-proxy-agent-snyk-fork@git://github.com/snyk/node-https-proxy-agent.git#fix/https-agent-vuln
I guess that snyk guys (snyk.io) found some vulnerability and broke the lib
More like, the package was deleted from npm and someone claimed that package name
so now we can't use any package which depends on this
From a bit more digging into it, looks like it's the bundleDependencies
key which is being respected.
{
"name": "proxy-agent",
"version": "3.1.0",
"description": "Maps proxy protocols to `http.Agent` implementations",
"main": "index.js",
"scripts": {
"test": "mocha --reporter spec"
},
"engines": {
"node": ">=6"
},
"repository": {
"type": "git",
"url": "git://github.com/TooTallNate/node-proxy-agent.git"
},
"keywords": [
"http",
"https",
"socks",
"agent",
"mapping",
"proxy",
"cache"
],
"author": "Nathan Rajlich <nathan@tootallnate.net> (http://n8.io/)",
"license": "MIT",
"bugs": {
"url": "https://github.com/TooTallNate/node-proxy-agent/issues"
},
"homepage": "https://github.com/TooTallNate/node-proxy-agent",
"dependencies": {
"agent-base": "^4.2.0",
"debug": "^3.1.0",
"http-proxy-agent": "^2.1.0",
"lru-cache": "^4.1.2",
"proxy-from-env": "^1.0.0",
"socks-proxy-agent": "^4.0.1"
},
"devDependencies": {
"@types/agent-base": "^4.2.0",
"mocha": "^5.0.5",
"proxy": "0.2.4",
"socksv5": "0.0.6",
"stream-to-buffer": "0.1.0"
},
"bundleDependencies": [
"https-proxy-agent-snyk-fork",
"pac-proxy-agent"
]
}
@NiteshOswal have anyone open the issue https-proxy-agent-snyk-fork
or there is no one maintaining it because was not able to find any repro for the same
the issue has been fixed https://github.com/snyk/snyk/issues/796