Vulnerability Detector is not generating alerts for NPM packages in Ubuntu 20.04

[SeyiSoneye]

Wazuh version	Component	Install type	Install method	Platform
4.8.0-rc1	Vulnerability detector	Manager	Packages	Windows 11

Description

It has been detected in https://github.com/wazuh/wazuh/issues/23244 that Vulnerability Detection is currently not generating alerts for NPM packages on Windows 11.

Steps to reproduce

• Install a manager
• Install and register a Windows 11 agent
• Install a NPM package

PS C:\Users\Administrator> py -m pip install axios==0.1.0
Collecting axios==0.1.0
  Downloading axios-0.1.0-py3-none-any.whl (5.3 kB)
Collecting click
  Downloading click-8.1.7-py3-none-any.whl (97 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 97.9/97.9 kB 2.8 MB/s eta 0:00:00
Collecting lxml
  Downloading lxml-5.2.1-cp311-cp311-win_amd64.whl (3.8 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.8/3.8 MB 15.2 MB/s eta 0:00:00
Requirement already satisfied: requests in c:\python311\lib\site-packages (from axios==0.1.0) (2.28.1)
Collecting rich
  Downloading rich-13.7.1-py3-none-any.whl (240 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 240.7/240.7 kB 15.4 MB/s eta 0:00:00
Requirement already satisfied: colorama in c:\python311\lib\site-packages (from click->axios==0.1.0) (0.4.6)
Requirement already satisfied: charset-normalizer<3,>=2 in c:\python311\lib\site-packages (from requests->axios==0.1.0) (2.1.1)
Requirement already satisfied: idna<4,>=2.5 in c:\python311\lib\site-packages (from requests->axios==0.1.0) (3.4)
Requirement already satisfied: urllib3<1.27,>=1.21.1 in c:\python311\lib\site-packages (from requests->axios==0.1.0) (1.26.12)
Requirement already satisfied: certifi>=2017.4.17 in c:\python311\lib\site-packages (from requests->axios==0.1.0) (2022.9.24)
Collecting markdown-it-py>=2.2.0
  Downloading markdown_it_py-3.0.0-py3-none-any.whl (87 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 87.5/87.5 kB ? eta 0:00:00
Requirement already satisfied: pygments<3.0.0,>=2.13.0 in c:\python311\lib\site-packages (from rich->axios==0.1.0) (2.13.0)
Collecting mdurl~=0.1
  Downloading mdurl-0.1.2-py3-none-any.whl (10.0 kB)
Installing collected packages: mdurl, lxml, click, markdown-it-py, rich, axios
Successfully installed axios-0.1.0 click-8.1.7 lxml-5.2.1 markdown-it-py-3.0.0 mdurl-0.1.2 rich-13.7.1
PS C:\Users\Administrator> python -m axios --version
python -m axios, version 0.1.0

• Check that after Syscollector scans the package is detected and the vulnerability was included in the inventory but no alert was generated.

The vulnerability does not come up in inventory or events

[sebasfalcone]

The package was installed via Pipy not npm

The vulnerability is not reported as vulnerable for Pipy, the behavior is expected