search

yarnpkg / yarn

The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
https://classic.yarnpkg.com
Other
41.37k stars 2.72k forks source link

yarn audit fails: Unexpected audit response (Missing Metadata): false #9019

Open elonmallin opened 6 months ago

elonmallin commented 6 months ago

yarn audit fails with error Error: Unexpected audit response (Missing Metadata): false when some combination of dependencies exist.

Repro

  1. Create a package.json 
    {
"name": "yarn-audit-bug",
"dependencies": {
    "@cypress/webpack-dev-server": "^3.7.1",
    "html-webpack-plugin": "^5.5.3",
    "webpack": "^5.89.0"
}
}
  2. Run yarn install && yarn audit

Outcome

error Error: Unexpected audit response (Missing Metadata): false
    at Audit.<anonymous> (C:\Users\malliel\AppData\Local\node\corepack\yarn\1.22.21\lib\cli.js:59326:15)
    at Generator.next (<anonymous>)
    at step (C:\Users\malliel\AppData\Local\node\corepack\yarn\1.22.21\lib\cli.js:310:30)
    at C:\Users\malliel\AppData\Local\node\corepack\yarn\1.22.21\lib\cli.js:321:13
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

Expected outcome

Should report on vulns and not fail.

Additional info

yarn audit works if you instead do npm install first. npm audit works as well.

Environment

Yarn: 1.22.21 OS: Windows

Debshibraj123 commented 6 months ago

@elonmallin I CAN WORK ON THIS PLEASE ASSIGN ME THIS TASK

elonmallin commented 6 months ago

@Debshibraj123 I'm not a maintainer of this repo so can't assign tasks, I just created the issue

Zachatoo commented 3 months ago

I ran into this same issue on an existing project that I was updating a few dependencies for. Deleting node_modules and the yarn.lock file and running yarn install to rebuild the lock file resolved the issue for me.