Open markcellus opened 4 years ago
What is `typeof packageLockJsonContents`?
`object`. But I was assuming the package would automatically JSON.stringify with proper content-type.
Sorry, didn't mean to close this.
How come it is still not answered? How to use it? What should be the type of the body option?
The code here in npm cli gives some clues as to the expected structure, which it then passes to `/-/npm/v1/security/audits/quick` (it only does this if calling the bulk API endpoint `/-/npm/v1/security/advisories/bulk` failed just before; that one accepts a different format which comes from `prepareBulkData` in the same file).
I can't find any source for this but I have a feeling that `/-/npm/v1/security/audits` accepts very similar (if not identical) structure to `/-/npm/v1/security/audits/quick`.
FWIW I had success with the following code snippet, which demonstrates the body internals that the 'audits' API expects and shows how to do a simple "are there any vulns/advisories?" lookup for 1 package, in this case `cookie`:
```js
// Actually you can omit the line below now that `fetch` is a built-in global, enabled by default since Node 18.
// const fetch = require('node-fetch');
const body = {
  'name': 'package-which-depends-on-cookie-but-this-string-is-irrelevant',
  'version': '0.0.0',
  'requires': {
    'cookie': '^0.4.2'
  },
  'dependencies': {
    'cookie': {
      'version': '0.4.2'
    }
  }
};

fetch('https://registry.npmjs.org/-/npm/v1/security/audits', {
  method: 'POST',
  body: JSON.stringify(body),
  headers: {'Content-Type': 'application/json'}
})
  .then(res => {
    return res.json();
  })
  .then(res => {
    console.log(JSON.stringify(res, null, 2));
  })
  .catch(err => console.error(err));
```
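The question in this thread is about passing package-lock.json contents as the body. As an added example (not from the thread and not npm's own code), this derives the body shape used in the snippet above from a parsed lockfile. It assumes lockfileVersion 2 or 3 and that nested installs go under the parent's `dependencies`, as a v1 lockfile nests them; `buildAuditBody` and `sampleLock` are hypothetical names.

```javascript
// Added example, not from the thread or from npm: turn parsed package-lock.json
// contents (lockfileVersion 2/3, which carry a "packages" map) into the
// name/version/requires/dependencies shape used in the snippet above.
const NM = 'node_modules/';

function buildAuditBody(lock) {
  // A JSON string or a lockfile without "packages" is rejected up front.
  if (!lock || typeof lock !== 'object' || !lock.packages) {
    throw new TypeError('expected parsed package-lock.json with a "packages" map');
  }
  const root = lock.packages[''] || {};
  const body = {
    name: lock.name || root.name || 'unnamed',
    version: lock.version || root.version || '0.0.0',
    // Ranges the root project declares for its direct dependencies.
    requires: { ...root.dependencies, ...root.devDependencies },
    dependencies: {},
  };
  for (const path of Object.keys(lock.packages).sort()) {
    const pkg = lock.packages[path];
    // Skip the root entry, workspace folders and workspace links.
    if (!path.startsWith(NM) || pkg.link || !pkg.version) continue;
    // "node_modules/a/node_modules/@s/b" -> ["a", "@s/b"]
    const chain = path.slice(NM.length).split('/' + NM);
    let level = body.dependencies;
    for (const parent of chain.slice(0, -1)) {
      const node = (level[parent] = level[parent] || {});
      level = node.dependencies = node.dependencies || {};
    }
    const entry = { version: pkg.version };
    if (pkg.dependencies) entry.requires = { ...pkg.dependencies };
    if (pkg.dev) entry.dev = true;
    const name = chain[chain.length - 1];
    level[name] = { ...level[name], ...entry };
  }
  return body;
}

// Constructed sample input, not a real project's lockfile.
const sampleLock = {
  name: 'demo-app', version: '1.0.0', lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0', dependencies: { express: '^4.17.0' } },
    'node_modules/express': { version: '4.17.3', dependencies: { cookie: '0.4.2' } },
    'node_modules/express/node_modules/cookie': { version: '0.4.2' },
    'node_modules/cookie': { version: '0.5.0', dev: true },
  },
};
console.log(JSON.stringify(buildAuditBody(sampleLock), null, 2));
```

The returned object is what gets passed through `JSON.stringify` and sent with the `Content-Type: application/json` header, as in the snippet above.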
Hey @isaacs. Trying to use package. But I'm not quite sure if I'm using it correctly 😀. When trying to pass the contents of package-lock.json to `opts.body` like this... But I get the following error:
How should the `opts.body` be formatted? Thanks!