Plugin does not recognise a npm project as such.

[CzernyJ]

Describe the bug Although the project is a npm project that´s getting wrapped in a docker the jfrog plugin claims that it is an unsupported project type.

To Reproduce

• Create a node project as well as a Dockerfile.
• Create the project from existing source.
• Try jfrog Plugin for XRay Scanning

Or a quicker way:

• Creat new Node.js project
• jfrog Plugin claims unsupported project type

Expected behavior Since there is a package.json the jfrog Plugin should recognise it as a npm project eligible for xray-scanning.

Screenshots

Versions

• IDEA version: 2020.3.2 (Ultimate)
• JFrog IDEA plugin version: 1.7.0
• Operating system: macOS 10.15.7
• Xray version: SaaS jfrog cloud

[yahavi]

@CzernyJ Thanks for reporting this issue. Before the scan is started, the plugin searches for package.json files under your workspace. If the package.json file added after IntelliJ started, the plugin does not aware of it. It will be after the next IntelliJ restart or a scan refresh. Please be also noticed that the plugin expects the npm project to be installed, running npm install. However, it looks like in your case the plugin didn't recognize yet your project.

Does this issue consist after clicking on the refresh button? Does this issue consist after restarting IntelliJ?

If it doesn't work, can you please try to run it on our npm-example?

Looking forward to your feedback.

[CzernyJ]

Ok looks like a restart of IntelliJ did solve it.

However I still get no results in the plugin although the XRay watch web view is showing several. Here an example:

It isn´t a connection issue, I could verify the connection with another mvn project.

[yahavi]

@CzernyJ, After installing the npm dependencies and refreshing the scan, the project's dependency tree should appear. Once the plugin detects the package-lock.json file, it will watch for change and automatically rerun a quick Xray scan. I believe the pacakge-lock.json file was missing when the plugin ran the Xray scanning.

Did you click on the refresh/restated IntelliJ after running npm install? Do you see any errors in the Event Log?

Please let me know if it helped. We'd also appreciate any suggestions for usability improvements.

[CzernyJ]

@yahavi I gave it another test run:

• npm install (via IntelliJ Run configuration)
• package-lock.json is present
• refreshed
• no events were logged in Event Log but still no scan results.

Is there some kind of debug logging for the plugin that can be enabled?

[yahavi]

@CzernyJ Did you click on this refresh button? After a click on the above refresh button you should see the following message in the event log:

15:16   JFrog Xray: [INFO] Found npm project: <path-to-project>

Can you please try to use our npm-example project?

Is there some kind of debug logging for the plugin that can be enabled?

Yes, see the Troubleshooting.

[CzernyJ]

Ok looks like I´m back at the original problem.

If I run your npm-example it works.

However if I then close your project go back to my test-project it seems that it is considered a non npm project. Even after I again ran npm install

This could explain why the plugins refresh button does nothing in my example (also no log entry in the IntelliJ log) vs. your npm-example.

[yahavi]

@CzernyJ, Can you please share with us your x-ray-test project? You can also choose to share only the package.json file. Thanks.

[CzernyJ]

Here you are. I just omitted some select files (Jenkinsfile, Readme and ressources).

x-ray-test.zip

[yahavi]

@CzernyJ , It works on my environment:

I have Intellij IDEA ultimate 2020.3.2 and MacOS Bug Sur 11.1. Almost like you.

[CzernyJ]

Ok I´m really puzzled by this. I already deleted the .iml file and the .idea folder (several times) and created a new project from the existing source. The behavior on my machine did not change.

The plugin seems not be misconfigured, because with your npm-example I got results.

The only difference I can think of is that I have already put some docker images of this project into artifactory for testing. But I have no idea why this should have an influence on the plugin....

[yahavi]

@CzernyJ, I think I understand now. The plugin has default excluded paths with the following Ant pattern:

**/*{.idea,test,node_modules}*

Your project name is x-ray-test which is filtered out by the default *test* filter. Can you please try to delete the test from the excluded paths list? (Change the Npm excluded paths to **/*{.idea,node_modules}*)

Please let me know if it helped.

[CzernyJ]

Ok that was it. Guess I have to choose better project names in the future...

Thanks so much for the help.

[yahavi]

Thanks for your feedback @CzernyJ.

I created https://github.com/jfrog/ide-plugins-common/pull/23 to log the excluded paths and prevent future confusions.