Open JayPe69 opened 1 year ago
Hello,
I tried on 3 different projects, always the same error.
Please find all information for one of my projects:
Command line to obtain the audit:
yarn npm audit --all --recursive --json
{
  "semver": [
    {
      "id": 1093264,
      "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
      "title": "semver vulnerable to Regular Expression Denial of Service",
      "severity": "moderate",
      "vulnerable_versions": ">=7.0.0 <7.5.2",
      "cwe": [ "CWE-1333" ],
      "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }
    }
  ],
  "@babel/traverse": [
    {
      "id": 1094415,
      "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
      "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
      "severity": "critical",
      "vulnerable_versions": "<7.23.2",
      "cwe": [ "CWE-184" ],
      "cvss": { "score": 9.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }
    }
  ]
}
yarn audit logs
yarn npm audit --all --recursive --json | yarn dlx yarn-audit-html
➤ YN0000: · Yarn 4.0.0
➤ YN0000: ┌ Resolution step
➤ YN0085: │ + yarn-audit-html@npm:7.3.2, @types/ejs@npm:3.1.4, ansi-styles@npm:4.3.0, async@npm:3.2.4, balanced-match@npm:1.0.2, brace-expansion@npm:1.1.11, brace-expansion@npm:2.0.1, chalk@npm:4.1.2, color-convert@npm:2.0.1, color-name@npm:1.1.4, and 10 more.
➤ YN0000: └ Completed in 3s 550ms
➤ YN0000: ┌ Fetch step
➤ YN0000: └ Completed
➤ YN0000: ┌ Link step
➤ YN0000: └ Completed in 0s 209ms
➤ YN0000: · Done in 3s 792ms
Checking audit logs...
Failed to parse YARN Audit JSON!
TypeError: Cannot convert undefined or null to object
    at Function.values (<anonymous>)
    at file:///tmp/xfs-07c9f09d/dlx-18366/node_modules/yarn-audit-html/lib/cli.js:72:36
    at Array.forEach (<anonymous>)
    at Socket.<anonymous> (file:///tmp/xfs-07c9f09d/dlx-18366/node_modules/yarn-audit-html/lib/cli.js:69:27)
    at Socket.emit (node:events:517:28)
    at emitReadable_ (node:internal/streams/readable:601:12)
    at process.processTicksAndRejections (node:internal/process/task_queues:81:21)
Thanks for your help
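Added example, not part of the original post and not code from yarn-audit-html: a small Node.js routine that reads audit output in the per-package shape shown in the post and flattens it into rows sorted by severity, so the findings can still be triaged while the HTML report fails. The names flattenAudit, SEVERITY_ORDER and SAMPLE are hypothetical, and SAMPLE is constructed from the two advisories in the post.

```javascript
// Added example. Assumes the shape in the post: { "<package>": [ { advisory }, ... ] }.
const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];

// Constructed sample: the two advisories from the post, trimmed to the fields used here.
const SAMPLE = JSON.stringify({
  semver: [{ id: 1093264, severity: "moderate", vulnerable_versions: ">=7.0.0 <7.5.2",
    url: "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", cwe: ["CWE-1333"],
    cvss: { score: 5.3 } }],
  "@babel/traverse": [{ id: 1094415, severity: "critical", vulnerable_versions: "<7.23.2",
    url: "https://github.com/advisories/GHSA-67hx-6x53-jw92", cwe: ["CWE-184"],
    cvss: { score: 9.3 } }],
});

function flattenAudit(jsonText) {
  let report;
  try {
    report = JSON.parse(jsonText);
  } catch (err) {
    throw new Error(`audit output is not valid JSON: ${err.message}`);
  }
  if (report === null || typeof report !== "object" || Array.isArray(report)) {
    throw new Error("expected a JSON object keyed by package name");
  }
  const rows = [];
  for (const [pkg, advisories] of Object.entries(report)) {
    if (!Array.isArray(advisories)) continue; // skip unexpected values instead of throwing
    for (const adv of advisories) {
      if (adv === null || typeof adv !== "object") continue;
      rows.push({
        package: pkg,
        id: adv.id ?? null,
        severity: String(adv.severity ?? "unknown"),
        score: adv.cvss?.score ?? null,
        range: adv.vulnerable_versions ?? "",
        cwe: Array.isArray(adv.cwe) ? adv.cwe : [],
        url: adv.url ?? "",
      });
    }
  }
  // Unknown severities sort last; ties are broken by CVSS score, highest first.
  const rank = (s) => (SEVERITY_ORDER.includes(s) ? SEVERITY_ORDER.indexOf(s) : SEVERITY_ORDER.length);
  return rows.sort((a, b) => rank(a.severity) - rank(b.severity) || (b.score ?? 0) - (a.score ?? 0));
}

for (const r of flattenAudit(SAMPLE)) {
  console.log(`${r.severity.padEnd(9)} ${String(r.score).padEnd(4)} ${r.package} ${r.range} ${r.url}`);
}
```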
Hi @JayPe69, this package will be moving to @audit/cli soon, which supports Yarn v4 (and others). I will notify you here when it is released. ;)
@davityavryan any update on the new package?