Unable to run as an npx command

[cutterbl]

Sandworm version latest (ran as 'npx' command)

Describe the bug When running npx @sandworm/audit I receive the following error

Error: Cannot find module '@pnpm/crypto.base32-hash' Require stack:

• /my/user/.npm/_npx/51438d1c8ff7d360/node_modules/dependency-path/lib/index.js
• /my/user/.npm/_npx/51438d1c8ff7d360/node_modules/@sandworm/utils/node_modules/@pnpm/lockfile-file/lib/write.js
• /my/user/.npm/_npx/51438d1c8ff7d360/node_modules/@sandworm/utils/node_modules/@pnpm/lockfile-file/lib/index.js
• /my/user/.npm/_npx/51438d1c8ff7d360/node_modules/@sandworm/utils/src/files/lockfiles.js
• /my/user/.npm/_npx/51438d1c8ff7d360/node_modules/@sandworm/utils/src/files/index.js
• /my/user/.npm/_npx/51438d1c8ff7d360/node_modules/@sandworm/utils/src/index.js
• /my/user/.npm/_npx/51438d1c8ff7d360/node_modules/@sandworm/audit/src/cli/index.js at Function.Module._resolveFilename (node:internal/modules/cjs/loader:933:15) at Function.Module._load (node:internal/modules/cjs/loader:778:27) at Module.require (node:internal/modules/cjs/loader:1005:19) at require (node:internal/modules/cjs/helpers:102:18) at Object. (/my/user/.npm/_npx/51438d1c8ff7d360/node_modules/dependency-path/lib/index.js:7:30) at Module._compile (node:internal/modules/cjs/loader:1105:14) at Object.Module._extensions..js (node:internal/modules/cjs/loader:1159:10) at Module.load (node:internal/modules/cjs/loader:981:32) at Function.Module._load (node:internal/modules/cjs/loader:822:12) at Module.require (node:internal/modules/cjs/loader:1005:19) { code: 'MODULE_NOT_FOUND', requireStack: [ '/my/user/.npm/_npx/51438d1c8ff7d360/node_modules/dependency-path/lib/index.js', '/my/user/.npm/_npx/51438d1c8ff7d360/node_modules/@sandworm/utils/node_modules/@pnpm/lockfile-file/lib/write.js', '/my/user/.npm/_npx/51438d1c8ff7d360/node_modules/@sandworm/utils/node_modules/@pnpm/lockfile-file/lib/index.js', '/my/user/.npm/_npx/51438d1c8ff7d360/node_modules/@sandworm/utils/src/files/lockfiles.js', '/my/user/.npm/_npx/51438d1c8ff7d360/node_modules/@sandworm/utils/src/files/index.js', '/my/user/.npm/_npx/51438d1c8ff7d360/node_modules/@sandworm/utils/src/index.js', '/my/user/.npm/_npx/51438d1c8ff7d360/node_modules/@sandworm/audit/src/cli/index.js' ] }

To Reproduce Run npx @sandworm/audit against a local repository

Expected behavior To receive the expected output

Node (please complete the following information):

• Version [e.g. 14.17.3]: 16.16.0
• OS: Mac OS Monterey 12.6.3

Browser (please complete the following information):

• Device: MacBook Pro
• OS: Mac OS Monterey 12.6.3
• Browser: Chrome(?)
• Version: 110.0.5481.177 (Official Build) (x86_64)

[andreimarinescu]

Hey, @cutterbl. Thanks for submitting this, we're aiming to publish a fix ASAP.

In order to help us repro the issue a bit easier, could you share the package.json and package-lock.json files you're using? If this is impossible to share, could we at least get the dependencies and devDependencies objects from your package.json?

Thanks!

[cutterbl]

I saw this from multiple repositories, some with a private package manager (which I see you don't currently support). I did run it against Big Calendar, receiving the same error. package.json and yarn.lock are in GitHub repo.

[andreimarinescu]

Hi, @cutterbl. Thanks for that!

Judging by the contents of the stack trace you might be running a slightly old version of audit (about 1.5 weeks old I believe). I've just tried reproducing this using the latest Audit and it seems to work correctly (worth noting that npx won't download the latest version by default in case one already exists locally).

Attaching a screenshot below of the run for the current master HEAD of Big Calendar. Would you perhaps mind trying with npx @sandworm-audit@latest and seeing if this did the trick?

[cutterbl]

@andreimarinescu Ah. All npm requests, for me, run through a proxy in our private package manager (Nexus), because of my .npmrc file. I'll clear the cache there and hopefully get the up-to-date version. Sorry for the confusion.