better-npm-audit
better-npm-audit copied to clipboard
Audit not executing if github url present in package.json
Hi,
If in package.json github url is included then better-npm-audit throwing below error, any way is it possible to handle this scenario.
package.json
{ "name": "my application", "version": "1.0.0", "description": "Application", "main": "app.js", "scripts": { "start": "node app.js" }, "license": "UNLICENSED", "dependencies": { "body-parser": "^1.19.0", "compression": "^1.7.4", "config": "^3.3.7", "express": "^4.16.3", "request": "git+https://github.com/Sujay-shetty/request.git", "request-promise": "^4.2.2", "swagger-ui-express": "^4.4.0", "uuid": "^7.0.0" }, "devDependencies": { "@types/request-promise": "^4.1.46", "ts-node": "^8.9.1", "typescript": "^3.4.5" } }
Error :
Could you please help me how to skip audit for github url or any custom url if it is present in package.json
Thanks, Sujay
This is an npm issue not a better-npm-audit issue but since I hit this page through Google I might as well provide a solution.
The latest versions of npm 6, 7, and 8 are all able to handle this situation. So update your npm. If you're just using whatever npm version came with Node.js then updating it wholesale would also solve your problem.
It's specifically older versions of npm 6 that error out when git dependencies are present as far as I know. I'm not sure which version fixed this problem but this might be something that better-npm-audit would want to document.
For context I ran into this same issue a while ago, though I use the github:org/repo#master
syntax instead.