Closed coclav closed 1 year ago
Hi @coclav, thank you for reporting this. I'm looking into it. Was any stack trace provided with the crash?
I've added some checks and validations to v1.37.0, it should fix the error or at least get us closer to the source. @coclav let me know if you're able to test this again. Thank you!
Unfortunately still the same issue on 1.39.2
:-(
There is no stack trace
Thanks, @coclav!
I think it makes sense to log stacks for these errors by default, for easier debugging.
I've released v1.41.0 that does just that, if you get a chance could you run it again and let me know what the stack looks like? Would help me pinpoint which include gets called where.
Thank you 🙏
indeed :)
here is the console log
and to confirm these files get created in my folder
I encounter the same if I run it at the root of a monorepo (lerna w/ yarn workspaces). I get the same stacktrace too.
Thanks @coclav and @liamjones!
It might be that your package.json manifest has no name attribute defined. By default, we query the registry for root package vulnerabilities too, and the method expected a string at the crash site.
I've released v1.42.0 that makes checking root-level vulnerabilities opt-in, as that's more of an edge case I think. It shouldn't require you to have a name attribute, and it should skip auditing the root by default.
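The failure mode described in the comment above, as an added example that is not part of the thread and is not Sandworm's code: a root manifest without a name reaching a string method, next to a guarded, opt-in root check. The function names, the `includeRoot` option and the sample manifests are assumptions made for illustration.

```javascript
// Constructed sample manifests (not from the reporter's project).
const monorepoRoot = { private: true, workspaces: ['packages/*'] }; // no "name"
const namedPackage = { name: '@acme/web', version: '2.1.0' };

// Naive check (hypothetical): assumes `name` is always a string.
function isScopedNaive(manifest) {
  return manifest.name.includes('/'); // TypeError when name is undefined
}

// Run a step and keep the failure together with its stack, so the
// crash site can be located from the report.
function runStep(label, fn) {
  try {
    return { label, ok: true, value: fn() };
  } catch (err) {
    return { label, ok: false, error: `${err.name}: ${err.message}`, stack: err.stack };
  }
}

// Guarded check (hypothetical): auditing the root is opt-in, and a root
// manifest without a usable name is skipped instead of failing the run.
function rootAuditTarget(manifest, { includeRoot = false } = {}) {
  if (!includeRoot) return { audit: false, reason: 'root audit not requested' };
  const name = manifest && manifest.name;
  if (typeof name !== 'string' || name.trim() === '') {
    return { audit: false, reason: 'manifest has no usable name' };
  }
  return { audit: true, name, scoped: name.startsWith('@') && name.includes('/') };
}

const crash = runStep('naive root check', () => isScopedNaive(monorepoRoot));
console.log(crash.error);
console.log(rootAuditTarget(monorepoRoot, { includeRoot: true }));
console.log(rootAuditTarget(namedPackage, { includeRoot: true }));
```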
It might be that your package.json manifest has no name attribute defined.
Yep, that'd be the case in our monorepo root package.json.
The new version works here. 👍
all works 👍
and 0 issues haha
Sandworm version
➜ sandworm-audit -v
1.36.0
Describe the bug
sandworm audit fails because of type error, but cannot find more information about it
➜ sandworm-audit
Sandworm 🪱 Security and License Compliance Audit
✔ Built dependency graph
✔ Got vulnerabilities
✔ Scanned licenses
✔ Scanned issues
✔ Tree chart done
✔ Treemap chart done
✔ CSV done
✔ Report written to disk
✅ Zero issues identified
✨ Done, but with errors:
❌ TypeError: Cannot read properties of undefined (reading 'includes')
❌ Failing because of errors
Manifest files
I don't feel comfortable sharing them here but happy to provide by email?
To Reproduce
install sandworm, mac m1, ventura 13.2.1, we use yarn and node 16
run sandworm
Expected behavior
I expect it to work 🤔 ?