Closed trfulcher closed 4 years ago
Also, let me know if I should upload the report PDF if that helps
Hi @trfulcher, thanks for reporting this issue. When you run the build with the copy-modules-webpack-plugin included in the configuration, does it finish without errors? As I try to reproduce, using the sample project that you referenced, I get the following:
Error: ENOENT: no such file or directory, stat '/home/rpokorny/Downloads/angular-7-webpack-4-boilerplate/node_modules/@angular/router/router.ts'
Though at the same time, some files/directories are copied to webpack-modules. This error, which is likely the same issue described in #14, is probably preventing the build from copying all relevant files to the webpack-modules directory. I will continue investigating but for now I'd just like to know if you are getting a similar error.
OK so a bit of an update. I've done a fresh approach and upgraded to Angular 8 CLI and generated a blank example app. Angular 8 has support for webpack config, which I've used to simply add in the Sonatype plugin. Simply running npm start (maps to ng serve), the app runs fine and the webpack-modules is generated. I zipped that up and re-ran the Nexus IQ CLI. This time a better result, in that angular/common, angular/compiler and angular/platform-browser show up in the report. Still zero violations are shown, which is probably fine, it's almost like I'd want to identify a vulnerable dependency to add to the project just so I can prove to myself the expected result :-) I'll do a bit more work but if I can satisfy my questions I'll be willing to close the issue in a day or so.
You may have noticed I released a new version of this plugin yesterday to try to address the "no such file or directory" issue that I found while trying to reproduce. Did your angular 8 attempt pick up that version (2.1.1)?
> it's almost like I'd want to identify a vulnerable dependency to add to the project just so I can prove to myself the expected result :-)
Old jquery versions usually work well for that
Ok so, yes my code is using 2.1.1 of the plugin. We've upgraded our IQ server to v82 as well. I added in an old jquery to the project and re-ran the report. I can see it lists the vulnerability for jquery. So I can close this issue, thanks for checking...
Before rolling out IQ on my Angular apps, I've tried on an example project. I used https://github.com/samteb/angular-7-webpack-4-boilerplate as the basis, then added the plugin to webpack config with IncludePackageJsons set to true.
Observations
What feature or behavior is this required for?
How could we solve this issue? (Not knowing is okay!)
I had to adjust tsconfig.json to exclude webpack-modules, see:

```json
{
  "compilerOptions": {
    "baseUrl": "./src",
    "target": "ES5",
    "module": "commonjs",
    "moduleResolution": "node",
    "sourceMap": true,
    "emitDecoratorMetadata": true,
    "experimentalDecorators": true,
    "noImplicitAny": true,
    "suppressImplicitAnyIndexErrors": true,
    "lib": ["es6", "dom"],
    "typeRoots": ["node_modules/@types"],
    "paths": {
      "@angular/*": [
        "node_modules/@angular/*"
      ]
    }
  },
  "exclude": [
    "node_modules",
    "src/main.aot.ts",
    "webpack-modules"
  ]
}
```
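Added example (not part of the original issue or the plugin's own code): a Node.js check that lists which `name@version` pairs are actually present in a `webpack-modules` directory before it is zipped and scanned, so a missing dependency in the report can be traced to the copy step rather than the scanner. It assumes the plugin copies `package.json` files next to the sources when the option mentioned in the issue is enabled; `listCopiedPackages`, `buildSampleTree`, the directory layout and the versions are constructed for illustration.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// Recursively collect "name@version" from every package.json under `root`.
function listCopiedPackages(root) {
  const found = new Set();
  const walk = (dir) => {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, entry.name);
      if (entry.isDirectory()) {
        walk(full);
      } else if (entry.name === "package.json") {
        try {
          const { name, version } = JSON.parse(fs.readFileSync(full, "utf8"));
          if (name && version) found.add(`${name}@${version}`);
        } catch (err) {
          // Malformed manifest: skip it rather than abort the inventory.
        }
      }
    }
  };
  walk(root);
  return [...found].sort();
}

// Constructed sample tree standing in for real plugin output (assumed layout).
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "webpack-modules-"));
  const manifests = {
    "node_modules/@angular/common/package.json": { name: "@angular/common", version: "8.0.0" },
    "node_modules/jquery/package.json": { name: "jquery", version: "1.0.0" },
  };
  for (const [rel, body] of Object.entries(manifests)) {
    const file = path.join(root, rel);
    fs.mkdirSync(path.dirname(file), { recursive: true });
    fs.writeFileSync(file, JSON.stringify(body));
  }
  // A broken manifest and a bare source file must not appear in the result.
  fs.mkdirSync(path.join(root, "node_modules/broken"), { recursive: true });
  fs.writeFileSync(path.join(root, "node_modules/broken/package.json"), "{not json");
  fs.writeFileSync(path.join(root, "node_modules/jquery/jquery.js"), "/* stub */");
  return root;
}

console.log(listCopiedPackages(buildSampleTree()).join("\n"));
```

On a real build, call `listCopiedPackages("webpack-modules")` from the project root and compare the output with the components shown in the scan report.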