NodeAuditAnalyzer failed on /github/workspace/client/package-lock.json

Open RooshanNaeem opened this issue 1 year ago • 0 comments

Hi,

I am using Dependency Check as a GitHub Action that is configured to run on PRs for my Node.js project. Below is the workflow file. I want it to skip devDependencies with the flag `--nodeAuditSkipDevDependencies`, but introducing this flag throws the following error:

```
Error:  NodeAuditAnalyzer failed on /github/workspace/client/package-lock.json
[WARN] An error occurred while analyzing '/github/workspace/client/package-lock.json' (Node Audit Analyzer).
```

Can anyone help me get rid of this error? It fails my check: even though the report is generated, the check still fails, and this is causing a hindrance.

```yaml
name: Dependency-Checker
on:
  pull_request:
    branches:
    - master
    - trunk

jobs:
  depchecktest:
    runs-on: ubuntu-latest
    name: depecheck_test
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Build project with NPM
        run: npm ci --production
      - name: Depcheck
        uses: dependency-check/Dependency-Check_Action@main
        id: Depcheck
        with:
          project: 'myProject'
          path: '.'
          format: 'HTML'
          args: >
            --failOnCVSS 7
            --nodeAuditSkipDevDependencies
```

RooshanNaeem, Oct 30 '23 13:10