jfrog / jfrog-vscode-extension

JFrog VS-Code Extension
https://jfrog.github.io/jfrog-vscode-extension
Apache License 2.0

Unable to scan npm projects when peer dependencies aren't resolved. #191

Open whatthes opened 2 years ago

whatthes commented 2 years ago

When I run npm install followed by an Xray scan, Xray runs "npm ls --json --all --package-lock-only --prod", which churns out peer dependency errors and produces no Xray results.

Is there a way to subvert this?

EstebanDugueperoux2 commented 1 year ago

Hi,

I have the same issue; invoking "npm ls" with the "--silent" argument avoids stderr output. I think a pull request on https://github.com/jfrog/jfrog-vscode-extension/blob/0ab056a851c7a96b103826459d47899240fb804d/src/main/utils/cmds/npm.ts#L14C9-L14C9 to add this "--silent" option will solve this issue.

Regards.

Or-Geva commented 1 year ago

@EstebanDugueperoux2 & @whatthes, jfrog-vscode-extension version 2.3.6 has been released and includes a fix for this issue.

EstebanDugueperoux2 commented 1 year ago

Hi @Or-Geva,

I have tested with the https://github.com/Armanidrisi/devblog example project. After an npm install without peer dependency errors, and after a scan from the JFrog view, I get the following logs:

```
[DEBUG - 09:46:44] Trying to read credentials from KeyStore...
[DEBUG - 09:46:45] Resolved JFrog platform URL:
[DEBUG - 09:46:45] Resolved Xray URL: https://registry.saas.cagip.group.gca/xray
[DEBUG - 09:46:45] Resolved Artifactory URL: https://registry.saas.cagip.group.gca/artifactory
[DEBUG - 09:46:50] Successfully connected to Xray version: 3.41.4
[DEBUG - 09:46:51] Artifactory connection success.
[INFO - 09:46:51] Refresh: loading data from cache
[DEBUG - 09:46:51] WorkSpace 'devblog' has no data in cache
[INFO - 09:51:53] Refresh: loading data from cache
[DEBUG - 09:51:53] WorkSpace 'devblog' has no data in cache
[INFO - 09:51:57] Checking for updates
[DEBUG - 09:51:57] You are not entitled to run Advanced Security scans
[INFO - 09:51:57] Refresh: starting workspace scans 🐸
[INFO - 09:51:57] Locating package descriptors in workspace "devblog".
[DEBUG - 09:51:58] package.json files to scan: [file:///c%3A/Users/ETPOX64/git/devblog/package.json]
[ERR - 09:52:00] Error: Command failed: npm ls --json --all
npm ERR! peer dep missing: @aws-sdk/credential-providers@^3.201.0, required by mongodb@5.7.0
npm ERR! peer dep missing: @mongodb-js/zstd@^1.1.0, required by mongodb@5.7.0
npm ERR! peer dep missing: kerberos@^2.0.1, required by mongodb@5.7.0
npm ERR! peer dep missing: mongodb-client-encryption@>=2.3.0 <3, required by mongodb@5.7.0
npm ERR! peer dep missing: snappy@^7.2.2, required by mongodb@5.7.0
npm ERR! peer dep missing: ts-node@>=9.0.0, required by postcss-load-config@4.0.1

[DEBUG - 09:52:00] Error: Command failed: npm ls --json --all
npm ERR! peer dep missing: @aws-sdk/credential-providers@^3.201.0, required by mongodb@5.7.0
npm ERR! peer dep missing: @mongodb-js/zstd@^1.1.0, required by mongodb@5.7.0
npm ERR! peer dep missing: kerberos@^2.0.1, required by mongodb@5.7.0
npm ERR! peer dep missing: mongodb-client-encryption@>=2.3.0 <3, required by mongodb@5.7.0
npm ERR! peer dep missing: snappy@^7.2.2, required by mongodb@5.7.0
npm ERR! peer dep missing: ts-node@>=9.0.0, required by postcss-load-config@4.0.1

    at checkExecSyncError (node:child_process:880:11)
    at Object.execSync (node:child_process:951:15)
    at Object.<anonymous> (node:electron/js2c/asar_bundle:2:12711)
    at _.executeCmd (c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:631716)
    at t.NpmCmd.runNpmLs (c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:595515)
    at h.refreshDependencies (c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:505444)
    at p.createDependenciesTrees (c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:613160)
    at T.createDependenciesTree (c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:564181)
    at T.scanPackageDependencies (c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:562584)
    at T.repopulateWorkspaceTree (c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:546763)
    at async c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:545219
    at async c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:630360

[ERR - 09:52:00] An npm project was partially scanned. Hint: Ensure that there are no errors from the command 'npm ls --all' in the directory 'c:\Users\ETPOX64\git\devblog''
[WARN - 09:52:00] Eos runner could not find binary to run
[INFO - 09:52:00] Found 0 Eos issues in workspace = 'c:\Users\ETPOX64\git\devblog' (elapsed 0.013 seconds)
[INFO - 09:52:00] Scanning descriptor c:\Users\ETPOX64\git\devblog\package.json for dependencies issues
[DEBUG - 09:52:00] Sending dependency graph "devblog-nodejs" to Xray for analyzing. Using Watches: [cats-p0100-maven-staging-intranet]
[DEBUG - 09:52:03] Usage Report: Usage report sent successfully.
[DEBUG - 09:52:06] [c:\Users\ETPOX64\git\devblog\package.json] reported change in progress 0% -> 82%
[INFO - 09:52:14] Found 2 unique CVE issues for descriptor c:\Users\ETPOX64\git\devblog\package.json (elapsed 14.066 seconds)
[INFO - 09:52:14] Workspace 'devblog' scan ended
[INFO - 09:52:14] Scans completed 🐸 (elapsed 16.437 seconds)
[DEBUG - 09:52:50] Creating diagnostics for descriptor 'c:\Users\ETPOX64\git\devblog\package.json'
```

Regards.
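The stack trace above shows `execSync` throwing because `npm ls` exited non-zero on missing peer dependencies. As an added example (not the extension's own code), the function below keeps the dependency tree from the failed command and flags the scan as partial instead of dropping it. It assumes npm still prints its JSON tree on stdout in that case; `readNpmLs`, `collect` and the sample failure are hypothetical names with constructed data.

```javascript
// Added example. `exec` must behave like child_process.execSync: return stdout
// on success, throw an Error carrying .stdout/.stderr/.status on failure.
function readNpmLs(exec, cwd) {
  let stdout;
  let failed = false;
  try {
    stdout = exec('npm ls --json --all', { cwd, encoding: 'utf8', stdio: ['ignore', 'pipe', 'pipe'] });
  } catch (err) {
    // Non-zero exit (e.g. missing peer deps): keep whatever JSON npm printed.
    failed = true;
    stdout = err.stdout ? String(err.stdout) : '';
    if (!stdout.trim()) throw err; // nothing to recover, surface the failure
  }
  const tree = JSON.parse(stdout);
  const problems = Array.isArray(tree.problems) ? tree.problems : [];
  const found = new Set();
  collect(tree, found);
  // A partial flag lets the caller warn that the component list may be incomplete.
  return { partial: failed || problems.length > 0, problems, packages: [...found].sort() };
}

// Walk the nested "dependencies" objects; entries without a version are
// placeholders for unmet dependencies, not installed components.
function collect(node, found) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    if (dep && dep.version) found.add(`${name}@${dep.version}`);
    if (dep) collect(dep, found);
  }
}

// Constructed stand-in for execSync failing the way the log above shows.
function sampleFailingExec() {
  const err = new Error('Command failed: npm ls --json --all');
  err.status = 1;
  err.stderr = 'npm ERR! peer dep missing: kerberos@^2.0.1, required by mongodb@5.7.0\n';
  err.stdout = JSON.stringify({
    name: 'devblog',
    problems: ['peer dep missing: kerberos@^2.0.1, required by mongodb@5.7.0'],
    dependencies: {
      mongodb: { version: '5.7.0', dependencies: { bson: { version: '5.4.0' } } }, // bson version is made up
      kerberos: { required: '^2.0.1', peerMissing: true },
    },
  });
  throw err;
}

const result = readNpmLs(sampleFailingExec, '.');
console.log(result.partial, result.problems.length, result.packages);
```

In real use, pass `require('child_process').execSync` as `exec`; a scanner that reports `partial: true` should say so alongside its findings, since components npm could not resolve are not checked.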

Or-Geva commented 1 year ago

Hey @EstebanDugueperoux2, which npm version are you currently using? Were you able to see partial results or is it still showing none, as it did before?