sandworm-hq / sandworm-audit

Security & License Compliance For Your App's Dependencies 🪱
https://sandworm.dev
MIT License
471 stars, 5 forks

npmrc parser fails on boolean props #104

Closed petrakow closed 1 year ago

petrakow commented 1 year ago

Sandworm version 1.36.0

Describe the bug: When audit reads out the npm configuration, it fails if you have boolean properties in the .npmrc configuration:

❌ Failed: str.replace is not a function
TypeError: str.replace is not a function
    at replaceEnvVars (/home/user/.nvm/versions/node/v18.6.0/lib/node_modules/@sandworm/audit/src/registry.js:10:14)
    at /home/user/.nvm/versions/node/v18.6.0/lib/node_modules/@sandworm/audit/src/registry.js:19:28
    at Array.forEach (<anonymous>)
    at getRegistriesInfo (/home/user/.nvm/versions/node/v18.6.0/lib/node_modules/@sandworm/audit/src/registry.js:18:27)
    at loadRegistriesInfo (/home/user/.nvm/versions/node/v18.6.0/lib/node_modules/@sandworm/audit/src/registry.js:71:20)
    at setupRegistries (/home/user/.nvm/versions/node/v18.6.0/lib/node_modules/@sandworm/audit/src/registry.js:75:3)
    at getReport (/home/user/.nvm/versions/node/v18.6.0/lib/node_modules/@sandworm/audit/src/index.js:44:9)
    at exports.handler (/home/user/.nvm/versions/node/v18.6.0/lib/node_modules/@sandworm/audit/src/cli/cmds/audit.js:164:15)

Manifest files: Just add a boolean configuration property to your .npmrc file:

always-auth=false

To Reproduce: Just add a boolean configuration property to your .npmrc file:

always-auth=false

Expected behavior: Sandworm-audit should parse AND respect the available configuration settings from the different package managers, but at least from npm.


gabidobo commented 1 year ago

Hi @petrakow, thank you for reporting this! The issue should be fixed in v1.36.1, let me know if it works for you.

petrakow commented 1 year ago

Works great, thanks for the fast fix!
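
The failure mode reported in this thread, as an added example that is not sandworm-audit's code and not the v1.36.1 fix: a config reader that expands `${VAR}` references must tolerate values the parser has already turned into booleans. The function names echo the stack trace, but the bodies, the boolean-coercing parser and the sample registry host and `NPM_TOKEN` variable are assumptions.

```javascript
// Added example; hypothetical code, not sandworm-audit's source.
// Constructed sample .npmrc (registry host and variable name are made up).
const SAMPLE_NPMRC = [
  '; constructed sample',
  'always-auth=false',
  'registry=https://registry.example.com/',
  '//registry.example.com/:_authToken=${NPM_TOKEN}',
].join('\n');

// Minimal parser that, like typical ini parsers, coerces "true"/"false"
// to booleans (assumed here to be how the non-string value arose).
function parseNpmrc(text) {
  const config = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) { config[line] = true; continue; } // bare key means true
    const value = line.slice(eq + 1).trim();
    config[line.slice(0, eq).trim()] =
      value === 'true' ? true : value === 'false' ? false : value;
  }
  return config;
}

// Expand ${VAR} only in strings; booleans and numbers pass through unchanged.
// Unset variables are left as-is so a missing token is visible, not "undefined".
function replaceEnvVars(value, env = process.env) {
  if (typeof value !== 'string') return value;
  return value.replace(/\$\{([^}]+)\}/g, (match, name) =>
    typeof env[name] === 'string' ? env[name] : match);
}

// Keep only registry URLs and auth tokens; skip keys such as always-auth.
function getRegistriesInfo(config, env = process.env) {
  const info = {};
  for (const [key, raw] of Object.entries(config)) {
    const value = replaceEnvVars(raw, env);
    if (typeof value !== 'string') continue;
    if (key === 'registry' || /:(registry|_authToken)$/.test(key)) {
      info[key] = value;
    }
  }
  return info;
}
```

Without the `typeof` guard in `replaceEnvVars`, the `always-auth=false` line reproduces the `str.replace is not a function` error and the audit stops before any dependency is checked.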