ossillate-inc / packj

Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
https://packj.dev
GNU Affero General Public License v3.0
627 stars, 36 forks

Failed to dump json content to file: Object of type Commit is not JSON serializable #93

Closed Jane-Hopp closed 6 months ago

Jane-Hopp commented 6 months ago

Describe the bug

When auditing a package I always get the message: Failed to dump json content to file /tmp/report_file_name.json: Object of type Commit is not JSON serializable.

To Reproduce

Steps to reproduce the behavior:

  1. Execute the command: docker run -v /tmp:/tmp/packj -it ossillate/packj:latest audit --trace -p npm:browserify
  2. Look at the end of the report
  3. See error: Failed to dump json content to file /tmp/packj/packj_audit_xw3c332_/report_4fa1somg.json: Object of type Commit is not JSON serializable

Expected behavior

There should be a report in JSON format listing the reasons why the package is undesirable. Like this:

=> Complete report: /tmp/packj_54rbjhgm/report_npm-browserify-17.0.0_hlr1rhcz.json
{
    "undesirable": [
        "old package: 702 days old",
        "invalid or no author email: expired author email domain",
        "generates new code at runtime",
        "reads files and dirs",
        "forks or exits OS processes",
    ]
}

Screenshots

Error message: [screenshot]

Additional context

  1. I found that the JSON report files are incorrect. For example: [screenshot]

  2. The same error appears when I run the program without using docker.

ashishbijlani commented 6 months ago

Thanks! Looks like commit objects need to be serialized. Would love to receive a FIX on the issue from you.

KyeRussell commented 6 months ago

FWIW for whoever picks this up (if not me): when looking into this, I've noticed that Packj also sometimes attempts to serialize set, which the default standard library JSON encoder does not serialize.
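The two comments above point at the same root cause: the standard-library encoder only knows dicts, lists, strings, numbers, booleans and None, so a GitPython Commit object or a set anywhere in the report dict makes json.dump raise TypeError, and the partially written file is what shows up as an "incorrect" report. The example below is added here for illustration; it is not packj's code and not a patch from any of the commenters. It assumes nothing about packj's internal report layout beyond what the issue shows; FakeCommit is a constructed stand-in exposing the GitPython Commit attributes the encoder reads (hexsha, authored_date, summary), so it runs without git installed, and the report structure in SAMPLE_REPORT is constructed for the example.

```python
import json
from datetime import datetime, timezone
from typing import Any


class FakeCommit:
    """Constructed stand-in for a GitPython git.Commit (assumption: only
    hexsha, authored_date and summary are read by the encoder below)."""

    def __init__(self, hexsha: str, authored_date: int, summary: str) -> None:
        self.hexsha = hexsha
        self.authored_date = authored_date  # unix timestamp, as GitPython stores it
        self.summary = summary


class ReportEncoder(json.JSONEncoder):
    """json.JSONEncoder calls default() for any object it cannot encode.
    Instead of letting it raise TypeError, map the types named in this
    issue (set, Commit) to JSON-native values."""

    def default(self, obj: Any) -> Any:
        # set/frozenset -> sorted list so the output is deterministic and diffable
        if isinstance(obj, (set, frozenset)):
            return sorted(obj, key=str)
        # commit-like objects: keep the identifying fields, not the object graph
        if hasattr(obj, "hexsha"):
            return {
                "hexsha": obj.hexsha,
                "authored_date": datetime.fromtimestamp(
                    obj.authored_date, tz=timezone.utc
                ).isoformat(),
                "summary": getattr(obj, "summary", None),
            }
        if isinstance(obj, datetime):
            return obj.isoformat()
        # anything else: let the base class raise its usual clear TypeError
        return super().default(obj)


def default_encoder_fails(report: dict) -> bool:
    """True if plain json.dumps rejects the report (reproduces the issue)."""
    try:
        json.dumps(report)
        return False
    except TypeError:
        return True


def serialize_report(report: dict) -> str:
    return json.dumps(report, cls=ReportEncoder, indent=4)


def roundtrip(report: dict) -> dict:
    """Serialize with ReportEncoder and parse back, proving valid JSON."""
    return json.loads(serialize_report(report))


def dump_report(report: dict, path: str) -> str:
    """Serialize fully in memory first, then write; a serialization error
    therefore never leaves a truncated, unparsable file on disk."""
    text = serialize_report(report)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)
    return path


# Constructed sample resembling the report in the issue, with the two
# problematic types mixed in.
SAMPLE_REPORT = {
    "undesirable": [
        "old package: 702 days old",
        "generates new code at runtime",
    ],
    "permissions": {"reads files and dirs", "forks or exits OS processes"},
    "last_commit": FakeCommit("0123abcd" * 5, 1700000000, "bump version"),
}

if __name__ == "__main__":
    print("plain json.dumps fails:", default_encoder_fails(SAMPLE_REPORT))
    print(serialize_report(SAMPLE_REPORT))
```

Serializing to a string before opening the file matters as much as the encoder itself: json.dump writes incrementally, so an exception halfway through leaves a half-written file, which is exactly the "incorrect JSON report files" the reporter found.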