exiting with error #6

Closed
zilahir opened this issue May 7, 2021 · 11 comments

@zilahir

zilahir commented May 7, 2021

This started to happen all of a sudden.

The script is the following:

"npm-test": "npm audit --json --only=prod | npm-audit-helper"

this was working fine, but now:

 npm audit --json --only=prod | npm-audit-helper

TypeError: Cannot read property 'name' of undefined

I am using npm 7+, and it seems like the format of the report JSON has been changed?

If I am running the audit without the prod-only flag:

54 vulnerabilities (1 low, 47 moderate, 6 high)

To address all issues (including breaking changes), run:
  npm audit fix --force

=== A little bit of help ===

Where to start:

- run `npm audit fix` to automatically fix 17 issues. These should all be non-breaking upgrades, so don't stress.

- Resolve the 6 high severity issues above and run this command again to move to the next severity.

- The most problematic dependency seems to be semantic-release with 4 issues that need your attention.

It seems like it's working, but I don't want to audit the devDependencies.

Thanks!

@denisdanielyan

denisdanielyan commented May 11, 2021

Repo case:

out.json.zip

npm-audit-helper < out.json

TypeError: Cannot read property 'name' of undefined
    at printVuln (/Users/denisdanielyan/.nvm/versions/node/v12.13.1/lib/node_modules/npm-audit-helper/node_modules/npm-audit-report-v2/lib/reporters/detail.js:35:28)
    at printVuln (/Users/denisdanielyan/.nvm/versions/node/v12.13.1/lib/node_modules/npm-audit-helper/node_modules/npm-audit-report-v2/lib/reporters/detail.js:74:15)
    at fullReport (/Users/denisdanielyan/.nvm/versions/node/v12.13.1/lib/node_modules/npm-audit-helper/node_modules/npm-audit-report-v2/lib/reporters/detail.js:20:19)
    at Object.module.exports [as detail] (/Users/denisdanielyan/.nvm/versions/node/v12.13.1/lib/node_modules/npm-audit-helper/node_modules/npm-audit-report-v2/lib/reporters/detail.js:9:27)
    at module.exports.Object.assign.reporters.reporters (/Users/denisdanielyan/.nvm/versions/node/v12.13.1/lib/node_modules/npm-audit-helper/node_modules/npm-audit-report-v2/lib/index.js:34:32)
    at printFullReport (/Users/denisdanielyan/.nvm/versions/node/v12.13.1/lib/node_modules/npm-audit-helper/lib/report-audit-v2.js:29:28)
    at cli (/Users/denisdanielyan/.nvm/versions/node/v12.13.1/lib/node_modules/npm-audit-helper/bin/cli.js:35:29)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)

@zilahir:
We got it back up and running by reverting to [email protected]

@rouanw
Owner

rouanw commented May 11, 2021

Which version of npm-audit-helper are you using?

npm 7 support was added in npm-audit-helper version 3.1.0.

@denisdanielyan

denisdanielyan commented May 11, 2021

I was actually using the latest version (npm i npm-audit-helper@latest) of npm-audit-helper which is why I also attached a repo-case .json file.

@zilahir
Author

zilahir commented May 11, 2021

Same here, I am also using the latest version!

@zilahir
Author

zilahir commented May 12, 2021

Fun fact: it doesn't seem to be working with [email protected] either. The issue is the same:

script:

"npm-test": "npm audit --json | npm-audit-helper --prod-only",

output

➜  project git:(XES-1223) npm --v
6.14.13
➜  project git:(XES-1223) npm run npm-test

> [email protected] npm-test_ /Users/richardzilahi/work/project
> npm audit --json | npm-audit-helper --prod-only

TypeError: Cannot read property 'name' of undefined

@joebowbeer

Related work: naugtur/npm-audit-resolver#34

@rouanw
Owner

rouanw commented May 17, 2021

Thanks so much for the error reports. I've implemented a quick fix I'd like to test. Would you mind please running:

npm audit --json | npx [email protected]

and let me know if that resolves the issue? You might notice the count of vulnerabilities is wrong; you can ignore that.

If it does I'll clean it up and release it as a new patch.

@denisdanielyan

Seems to be working fine:

```
❯ npm audit --json | npx [email protected]
npm WARN exec The following package was not found and will be installed: [email protected]

npm audit report

postcss 7.0.0 - 8.2.9
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/1693
fix available via npm audit fix --force
Will install @angular-devkit/[email protected], which is a breaking change
node_modules/postcss
node_modules/postcss-modules-local-by-default/node_modules/postcss

43 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
npm audit fix --force

=== A little bit of help ===

Where to start:

  • run npm audit fix to automatically fix 37 issues. These should all be non-breaking upgrades, so don't stress.

  • Resolve the 6 moderate severity issues above and run this command again to move to the next severity.

  • The most problematic dependency seems to be @angular-devkit/build-angular with 5 issues that need your attention.
```

@rouanw
Owner

rouanw commented May 18, 2021

Thanks for checking @denisdanielyan. I've released the fix as 3.1.1.

rouanw closed this as completed May 18, 2021

@zilahir
Author

zilahir commented May 20, 2021

Unfortunately this is still not working :(

using npm 7+, with command:

"npm-test": "npm audit --json | npm-audit-helper --prod-only"

and the result is:

Where to start:

- run `npm audit fix` to automatically fix 83 issues. These should all be non-breaking upgrades, so don't stress.

- Resolve the 5 high severity issues above and run this command again to move to the next severity.

- The most problematic dependency seems to be stylelint with 7 issues that need your attention.

Where stylelint is a dev dep, so it seems like the prod-only switch is still being ignored. :(

@rouanw
Owner

rouanw commented May 25, 2021

Thanks @zilahir. That's a separate issue. Take a look at the docs – https://github.com/rouanw/npm-audit-helper#options. For npm 7, you can now tell npm audit directly to ignore dev dependencies. So for your script, you'll want something like:

"npm-test": "npm audit --json --only=prod | npm-audit-helper"
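
An added example, not part of the thread or of npm-audit-helper's code: a Node.js check for a CI audit gate that recognises both the npm 6 (`advisories`) and npm 7+ (`auditReportVersion: 2`, `vulnerabilities`) layouts of `npm audit --json`, and throws on anything else instead of dereferencing missing fields. The function names and the trimmed sample reports are constructed for illustration.

```javascript
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Identify the report layout from its top-level keys.
function detectFormat(report) {
  if (report && report.auditReportVersion === 2 && report.vulnerabilities) return 'npm7';
  if (report && report.advisories && report.metadata) return 'npm6';
  return 'unknown';
}

// Count findings per severity: per advisory (npm 6) or per affected package (npm 7+).
function countBySeverity(report) {
  const format = detectFormat(report);
  if (format === 'unknown') {
    // Fail closed: an unrecognised report must not look like a clean audit.
    throw new Error('Unrecognised npm audit report format');
  }
  const entries = Object.values(
    format === 'npm7' ? report.vulnerabilities : report.advisories
  );
  const counts = Object.fromEntries(SEVERITIES.map((s) => [s, 0]));
  for (const entry of entries) {
    if (!SEVERITIES.includes(entry.severity)) {
      throw new Error(`Unknown severity: ${entry.severity}`);
    }
    counts[entry.severity] += 1;
  }
  return { format, counts };
}

// Return true when any finding is at or above the threshold severity.
function shouldFail(report, threshold = 'high') {
  const min = SEVERITIES.indexOf(threshold);
  if (min === -1) throw new Error(`Unknown threshold: ${threshold}`);
  const { counts } = countBySeverity(report);
  return SEVERITIES.slice(min).some((s) => counts[s] > 0);
}

// Constructed sample reports, trimmed to the fields used above.
const sampleNpm6 = {
  advisories: { 1693: { module_name: 'postcss', severity: 'moderate' } },
  metadata: { vulnerabilities: { moderate: 1 } },
};
const sampleNpm7 = {
  auditReportVersion: 2,
  vulnerabilities: { postcss: { name: 'postcss', severity: 'moderate', via: [] } },
  metadata: {},
};
```

In a pipeline, parse the JSON from stdin, call `shouldFail`, and exit non-zero both when it returns true and when it throws, so a format change stops the build rather than passing it.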
