Open christo8989 opened 1 year ago
Maybe related? https://github.com/npm/cli/issues/6257
I can confirm that Bug. Very weird behavior, it took me a long time to find out what's the actual problem here.
Since most of our servers don't have internet access, we have a Apache Proxy on one machine that passes through all requests to registry.npmjs.org
:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName npm.customdomain.com
AllowEncodedSlashes NoDecode
ProxyRequests Off
ProxyPreserveHost Off
SSLProxyEngine On
ProxyPass /repository/npm/-/npm/v1/security/audits https://registry.npmjs.org/-/npm/v1/security/audits
[...]
</VirtualHost>
</IfModule>
When I use https://registry.npmjs.org
as registry on a machine with internet access, npm audit
works fine.
When I use https:///npm.customdomain.com/repository/npm
as registry, npm audit
fails with the same package-lock.json
file as described above by the OP.
When I change lockfileVersion
to 2
in this file, it works again.
; node version = v20.9.0
; npm version = 10.1.0
Maybe related? #6257
@christo8989 I cannot actually see how.
It's been a while since I've visited this.
That other issue might not be related and I don't remember why I tagged it. Maybe just because it's related to npm audit but I can't say for certain.
It's been a while since I've visited this.
@christo8989 Have you found any workaround? I had to downgrade to npm v8. :disappointed:
OK, I finally got it! Besides /-/npm/v1/security/audits
, you now have to also forward /-/npm/v1/security/advisories
(see also https://docs.npmjs.com/cli/v9/commands/npm-audit#bulk-advisory-endpoint):
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName npm.customdomain.com
AllowEncodedSlashes NoDecode
ProxyRequests Off
ProxyPreserveHost Off
SSLProxyEngine On
ProxyPass /repository/npm/-/npm/v1/security/audits https://registry.npmjs.org/-/npm/v1/security/audits
ProxyPass /repository/npm/-/npm/v1/security/advisories https://registry.npmjs.org/-/npm/v1/security/advisories
[...]
</VirtualHost>
</IfModule>
I haven't due to time constraints. The plan is to update the version of the private registry.
Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
npmrc
Cli
Output
However, if I comment out the custom registry, then
npm audit
works as expected.Expected Behavior
npm audit
works as expected with a custom registry.Steps To Reproduce
See "Current Behavior"
Environment