Open myzonjkee opened 1 year ago
Any news on this? Facing the same issue, would like to specify the registry URL for the audit request.
Hi!
I have the same issue.
I didn't understand why the registry had to be https://registry.npmjs.org/ (https://github.com/jeremylong/DependencyCheck/blob/33c4c98e868b6b34d32ada870de79f9fa56aa42e/core/src/main/java/org/owasp/dependencycheck/analyzer/PnpmAuditAnalyzer.java#L207C31-L207C31). I modified my version of PNPM so that it ignores the --registry argument. The request worked correctly but the response is not suitable. I have this exception:
org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to parse C:\jenkins\workspace\blabla\blabla\pnpm-lock.yaml file from the NPM Audit API (PnpmAuditAnalyzer) .
    at org.owasp.dependencycheck.analyzer.PnpmAuditAnalyzer.analyzePackage (PnpmAuditAnalyzer.java:271)
    at org.owasp.dependencycheck.analyzer.PnpmAuditAnalyzer.analyzeDependency (PnpmAuditAnalyzer.java:93)
    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze (AbstractAnalyzer.java:131)
    at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:88)
    at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:37)
    at java.util.concurrent.FutureTask.run (FutureTask.java:264)
    at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1136)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:635)
    at java.lang.Thread.run (Thread.java:840)
Caused by: org.json.JSONException: No value for github_advisory_id
The company I work at uses JFrog Artifactory and the pnpm audit command works perfectly on my computer.
For the moment I have no other solution than to allow connection to the default registry.
Same here, we need to be able to provide our own registry otherwise npm will block requests if too frequent.
we accept PRs
Is your feature request related to a problem? Please describe.
Pnpm Audit Analyzer throws ECONNREFUSED error due to npm registry. It would be great to be able to specify my own npm package registry URL.

Describe the solution you'd like
Suggesting to add a new optional Command Line Argument called --npmRegistry <url> or just --registry <url>. Default value can be: https://registry.npmjs.org/

Additional context