hawkeyesec / scanner-cli

A project security/vulnerability/risk scanning tool

NPM Install fails because of git folder #139

Closed nikoWah closed 5 years ago

nikoWah commented 5 years ago

Issue Template

Description

Running npm install sometimes fails because of git folder in scanner-cli. Is it possible to remove this git folder from the npm package?

npm ERR! code EISGIT
npm ERR! path /..../node_modules/@hawkeyesec/scanner-cli
npm ERR! git /..../node_modules/@hawkeyesec/scanner-cli: Appears to be a git repo or submodule.
npm ERR! git     /..../node_modules/@hawkeyesec/scanner-cli
npm ERR! git Refusing to remove it. Update manually,
npm ERR! git or move it out of the way first.

Steps to Reproduce

Run npm install

Expected behavior: [What you expect to happen]

It should not fail

Actual behavior: [What actually happens]

npm install fails

Version

1.6.2

Additional Information

Using post-install or pre-install to remove the git folder does not work in our case. When we run npm ci on the pipeline, this remove command will throw an error because the node_modules folder will be removed.

felixhammerl commented 5 years ago

I am not sure what you mean by it fails "sometimes"? The project contains no submodules or other git modules. It might be that the test fixtures contain something that makes npm trip.

Can you add what node and npm versions you're using on your CI?

nikoWah commented 5 years ago

Hi, I'm using node v12.5.0 and npm version 6.11.1.

felixhammerl commented 5 years ago

oooooooooh i see what you're saying. sorry, my bad. the .git folder should obviously not be included in the module.

felixhammerl commented 5 years ago

Here's what I don't understand. The documentation says that it should never have made it in there.

Conversely, some files are always ignored:
* .git
* ...

Source: https://docs.npmjs.com/files/package.json#files

And yet, here it is...

~/projects/foo
> npm -v
6.10.3
~/projects/foo
> node -v
v12.10.0
~/projects/foo
> npm install @hawkeyesec/scanner-cli
npm WARN saveError ENOENT: no such file or directory, open '/Users/eufhammerl/projects/foo/package.json'
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN enoent ENOENT: no such file or directory, open '/Users/eufhammerl/projects/foo/package.json'
npm WARN foo No description
npm WARN foo No repository field.
npm WARN foo No README data
npm WARN foo No license field.

+ @hawkeyesec/scanner-cli@1.6.2
added 72 packages from 134 contributors and audited 106 packages in 6.331s
found 0 vulnerabilities

~/projects/foo
> ls
total 48
drwxr-xr-x  75 eufhammerl  staff   2.3K Sep 20 12:54 node_modules/
-rw-r--r--   1 eufhammerl  staff    20K Sep 20 12:54 package-lock.json
~/projects/foo
> ls -al node_modules/@hawkeyesec/scanner-cli/
total 112
drwxr-xr-x  18 eufhammerl  staff   576B Sep 20 12:54 ./
drwxr-xr-x   3 eufhammerl  staff    96B Sep 20 12:54 ../
-rw-r--r--   1 eufhammerl  staff    97B Oct 26  1985 .dockerignore
-rw-r--r--   1 eufhammerl  staff   242B Oct 26  1985 .editorconfig
drwxr-xr-x   3 eufhammerl  staff    96B Sep 20 12:54 .git/
-rw-r--r--   1 eufhammerl  staff   1.3K Oct 26  1985 .travis.yml
-rw-r--r--   1 eufhammerl  staff   3.5K Oct 26  1985 CONTRIBUTING
-rw-r--r--   1 eufhammerl  staff   3.4K Oct 26  1985 Dockerfile
-rw-r--r--   1 eufhammerl  staff   655B Oct 26  1985 ISSUE_TEMPLATE
-rw-r--r--   1 eufhammerl  staff   555B Oct 26  1985 LICENSE
-rw-r--r--   1 eufhammerl  staff   1.3K Oct 26  1985 PULL_REQUEST_TEMPLATE
-rw-r--r--   1 eufhammerl  staff    13K Oct 26  1985 README.md
drwxr-xr-x   5 eufhammerl  staff   160B Sep 20 12:54 bin/
drwxr-xr-x  13 eufhammerl  staff   416B Sep 20 12:54 lib/
-rw-r--r--   1 eufhammerl  staff   3.0K Sep 20 12:54 package.json
drwxr-xr-x   5 eufhammerl  staff   160B Sep 20 12:54 screenshots/
drwxr-xr-x   5 eufhammerl  staff   160B Sep 20 12:54 scripts/
-rw-r--r--   1 eufhammerl  staff   326B Oct 26  1985 testutils.js

nikoWah commented 5 years ago

Hmm... yes, that is really weird. Maybe try releasing with the latest npm version. Thanks for the awesome module btw.

Looking forward to the next patch release :)

felixhammerl commented 5 years ago

I am very certain this one is to blame on TravisCI. I've investigated it a bit more and look what I found: https://twitter.com/felixhammerl/status/1176912582382366721

nikoWah commented 5 years ago

Thanks for making this a priority. Glad you found the issue.

Mark1626 commented 5 years ago

I'm facing the same issue in

node: v10.16.0 npm: 6.9.0

Mark1626 commented 5 years ago

Would be happy to help dig into this. I believe Travis CI uses dpl under the hood. I'll look into the npm provider to see if there is anything that could be causing the problem.

felixhammerl commented 5 years ago

I've added .git to the .npmignore, which fixes the issue. Frustrating nonetheless. Will make a bugfix release v1.7.1.
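
Added example, not part of the thread or the project's own code: a release-job check that inspects the packed tarball itself for VCS metadata, so a stray .git directory like the one listed above is caught before publishing even when the packing environment misbehaves. The function names `vcs_entries` and `check_tarball` are hypothetical.

```shell
#!/bin/sh
# Added example: audit a packed npm tarball for VCS metadata before publishing.
# npm tarballs place all files under a top-level "package/" directory.

# List entries that are, or live under, a .git/.svn/.hg directory at any depth
# (e.g. package/.git/HEAD, package/test/fixtures/.git/config).
# Files such as .gitignore or directories such as .github/ do not match.
vcs_entries() {
    tar -tzf "$1" | grep -E '(^|/)\.(git|svn|hg)(/|$)'
}

# Return 0 if the tarball is clean, 1 if VCS metadata is present.
check_tarball() {
    # grep exits 1 when nothing matches; that is the clean case here.
    found=$(vcs_entries "$1") || true
    if [ -n "$found" ]; then
        echo "refusing to publish $1, VCS metadata inside:" >&2
        echo "$found" | sed 's/^/  /' >&2
        return 1
    fi
    echo "ok: $1 contains no VCS metadata"
    return 0
}

# Typical use in a release job (commented out: needs a package.json and npm):
#   tarball=$(npm pack | tail -n 1)
#   check_tarball "$tarball" && npm publish "$tarball"
```

Checking the artifact rather than the ignore rules also covers the case in this thread, where the documented always-ignored list did not hold in the CI environment that built the release.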