jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

NodeAuditAnalyzer failure on package-lock.json #6503

Open AnthonyPomtree opened 6 months ago

AnthonyPomtree commented 6 months ago

I've read numerous posts about others having a similar issue, but none of the solutions on the other threads have yielded positive results.

We are in the middle of upgrading Node and Aurelia for our project, and we cannot get past the dependency check now b/c of changes introduced into the package-lock.json file. I've tried changing versions of the dependency check in the small hopes that would resolve it (our projects are currently using 8.4.3, but have also tried 9.0.9).

We have uninstalled/reinstalled node locally to see if a fresh install would fix it, but to no avail. I'm at my wits' end and cannot figure out where to go from here.

```
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[WARN] dependency skipped: node module fsevents seems optional and not installed
[INFO] Finished Node.js Package Analyzer (1 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (1 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (6 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[ERROR] NodeAuditAnalyzer failed on D:\a\1\s\rCMS.Web.Presentation\package-lock.json
[WARN] An error occurred while analyzing 'D:\a\1\s\rCMS.Web.Presentation\package-lock.json' (Node Audit Analyzer).
[INFO] Finished Node Audit Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (2 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (12 seconds)
[INFO] Writing HTML report to: D:\a\1\TestResults\dependency-check\Presentation.owasp.html
[ERROR] Could not perform Node Audit analysis. Invalid payload submitted to Node Audit API.

Dependency Check completed with exit code 14.
Dependency Check reports: [ 'D:\a\1\TestResults\dependency-check\Presentation.owasp.html' ]
Dependency Check failed with message "Dependency Check exited with an error code (exit code: 14)."

[error]Dependency Check exited with an error code (exit code: 14).

Ending Dependency Check...
Finishing: Presentation Dependency Check
```

bsuchorowskiandea commented 2 months ago

Me neither. It's happening to us from time to time. Now I have a main branch that works and a branch with a few packages updated which doesn't work. I'm getting the same errors as you, while locally it's fine.