davityavryan / yarn-audit-html

Generate a HTML report for Yarn Audit
MIT License

yarn 4.0.0 released - not compatible with last yarn audit html #143

Open JayPe69 opened 1 year ago

JayPe69 commented 1 year ago

Hello,

I tried on 3 different projects, always the same error.

Please find all information for one of my projects:

Command line to obtain the audit:

yarn npm audit --all --recursive --json
{
    "semver": [
        {
            "id": 1093264,
            "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
            "title": "semver vulnerable to Regular Expression Denial of Service",
            "severity": "moderate",
            "vulnerable_versions": ">=7.0.0 <7.5.2",
            "cwe": [
                "CWE-1333"
            ],
            "cvss": {
                "score": 5.3,
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            }
        }
    ],
    "@babel/traverse": [
        {
            "id": 1094415,
            "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
            "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
            "severity": "critical",
            "vulnerable_versions": "<7.23.2",
            "cwe": [
                "CWE-184"
            ],
            "cvss": {
                "score": 9.3,
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
            }
        }
    ]
}

yarn audit logs

yarn npm audit --all --recursive --json | yarn dlx yarn-audit-html
➤ YN0000: · Yarn 4.0.0
➤ YN0000: ┌ Resolution step
➤ YN0085: │ + yarn-audit-html@npm:7.3.2, @types/ejs@npm:3.1.4, ansi-styles@npm:4.3.0, async@npm:3.2.4, balanced-match@npm:1.0.2, brace-expansion@npm:1.1.11, brace-expansion@npm:2.0.1, chalk@npm:4.1.2, color-convert@npm:2.0.1, color-name@npm:1.1.4, and 10 more.
➤ YN0000: └ Completed in 3s 550ms
➤ YN0000: ┌ Fetch step
➤ YN0000: └ Completed
➤ YN0000: ┌ Link step
➤ YN0000: └ Completed in 0s 209ms
➤ YN0000: · Done in 3s 792ms

Checking audit logs...
Failed to parse YARN Audit JSON!
 TypeError: Cannot convert undefined or null to object
    at Function.values (<anonymous>)
    at file:///tmp/xfs-07c9f09d/dlx-18366/node_modules/yarn-audit-html/lib/cli.js:72:36
    at Array.forEach (<anonymous>)
    at Socket.<anonymous> (file:///tmp/xfs-07c9f09d/dlx-18366/node_modules/yarn-audit-html/lib/cli.js:69:27)
    at Socket.emit (node:events:517:28)
    at emitReadable_ (node:internal/streams/readable:601:12)
    at process.processTicksAndRejections (node:internal/process/task_queues:81:21)

Thanks for your help
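As an added example (not code from yarn-audit-html or from the poster), the Node snippet below accepts both the Yarn 4 shape shown above (one JSON object keyed by package name, each value an array of advisories) and the newline-delimited `auditAdvisory` records that Yarn 1's `yarn audit --json` emits, and flattens them into one advisory list. The stack trace above shows `Object.values` being called on `undefined` inside a per-line `forEach`; the parser here checks the shape of each record before touching it and skips anything unexpected instead of throwing. The Yarn 1 field names (`type`, `data.advisory`, `module_name`) and the sample inputs are assumptions constructed for this example; the two advisories themselves are copied from the issue.

```javascript
// Added example, not yarn-audit-html's own code: accept both audit JSON shapes
// and turn them into one flat advisory list before rendering a report.

// Constructed sample: the Yarn 4 shape from the issue (one object keyed by
// package name, each value an array of advisories).
const SAMPLE_YARN4 = JSON.stringify({
  "semver": [{
    id: 1093264,
    url: "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
    title: "semver vulnerable to Regular Expression Denial of Service",
    severity: "moderate",
    vulnerable_versions: ">=7.0.0 <7.5.2",
    cwe: ["CWE-1333"],
    cvss: { score: 5.3, vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" },
  }],
  "@babel/traverse": [{
    id: 1094415,
    url: "https://github.com/advisories/GHSA-67hx-6x53-jw92",
    title: "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
    severity: "critical",
    vulnerable_versions: "<7.23.2",
    cwe: ["CWE-184"],
    cvss: { score: 9.3, vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" },
  }],
}, null, 2);

// Constructed sample of the Yarn 1 shape (assumed for this example): newline-
// delimited records with advisories under `data.advisory`, plus a summary
// record and a non-JSON line that a robust parser must skip, not crash on.
const SAMPLE_YARN1 = [
  JSON.stringify({ type: "auditAdvisory", data: { advisory: {
    id: 1093264, module_name: "semver", severity: "moderate",
    title: "semver vulnerable to Regular Expression Denial of Service",
    url: "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
    vulnerable_versions: ">=7.0.0 <7.5.2", cwe: "CWE-1333",
    cvss: { score: 5.3 } } } }),
  JSON.stringify({ type: "auditSummary", data: { vulnerabilities: { moderate: 1 } } }),
  "not json at all",
].join("\n");

// Map one advisory, from either shape, to the fields a report needs.
function normalise(pkg, adv) {
  return {
    pkg,
    id: adv.id,
    title: adv.title,
    severity: adv.severity,
    url: adv.url,
    vulnerableVersions: adv.vulnerable_versions,
    cwe: Array.isArray(adv.cwe) ? adv.cwe : (adv.cwe ? [adv.cwe] : []),
    cvssScore: adv.cvss && typeof adv.cvss.score === "number" ? adv.cvss.score : null,
  };
}

// Yarn 4 shape: { "<package>": [advisory, ...], ... }
function fromYarn4(doc) {
  const out = [];
  for (const [pkg, entries] of Object.entries(doc)) {
    if (!Array.isArray(entries)) continue;               // unexpected value: skip, do not throw
    for (const adv of entries) {
      if (adv && typeof adv === "object") out.push(normalise(pkg, adv));
    }
  }
  return out;
}

// Yarn 1 shape (assumed): NDJSON, {"type":"auditAdvisory","data":{"advisory":{...}}}
function fromYarn1(text) {
  const out = [];
  for (const line of text.split("\n")) {
    if (line.trim() === "") continue;
    let rec;
    try { rec = JSON.parse(line); } catch (_) { continue; } // progress output, not a record
    if (!rec || rec.type !== "auditAdvisory") continue;
    const adv = rec.data && rec.data.advisory;
    if (!adv || typeof adv !== "object") continue;          // missing data: skip, do not throw
    out.push(normalise(adv.module_name, adv));
  }
  return out;
}

// Detect the shape from the payload itself rather than from the Yarn version.
function parseAuditOutput(text) {
  const trimmed = text.trim();
  if (trimmed === "") return [];
  let doc = null;
  try { doc = JSON.parse(trimmed); } catch (_) { /* not one document: treat as NDJSON */ }
  if (doc && typeof doc === "object" && !Array.isArray(doc) && typeof doc.type !== "string") {
    return fromYarn4(doc);
  }
  return fromYarn1(trimmed);
}

// Severity tally for the report summary (or for failing CI above a threshold).
function countBySeverity(advisories) {
  const counts = {};
  for (const a of advisories) {
    const key = a.severity || "unknown";
    counts[key] = (counts[key] || 0) + 1;
  }
  return counts;
}
```

Read stdin into a string, pass it to `parseAuditOutput`, and hand the resulting list to the templating step; the shape checks are what replace the unguarded `Object.values` call that produced the TypeError in the log above.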

davityavryan commented 11 months ago

Hi @JayPe69, this package will be moving to @audit/cli soon, which supports Yarn v4 (and others). I will notify you here when it is released. ;)

marksy commented 3 months ago

@davityavryan any update on the new package?