ENOAUDIT from registry.npmjs.org (503)

triaged
registry
priority:critical

(Emilis Dambauskas (Tokenmill)) #1

What I Wanted to Do

Run npm audit.
Expected to get the npm audit security report for my project.

What Happened Instead

Got this error:

> preact-demo@1.0.0 test:audit /home/emilis/...some-path.../preact-demo
> npm audit
npm ERR! code ENOAUDIT
npm ERR! audit Your configured registry (https://registry.npmjs.org/) does not support audit requests.
npm ERR! A complete log of this run can be found in:
npm ERR!     /home/emilis/.npm/_logs/2019-01-15T11_06_44_261Z-debug.log
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! preact-demo@1.0.0 test:audit: `npm audit`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the preact-demo@1.0.0 test:audit script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR!     /home/emilis/.npm/_logs/2019-01-15T11_06_44_287Z-debug.log
npm ERR! Test failed.  See above for more details.

Related debug.log:

0 info it worked if it ends with ok
1 verbose cli [ '/home/emilis/Downloads/node-v11.2.0-linux-x64/bin/node',
1 verbose cli   '/home/emilis/bin/npm',
1 verbose cli   'run',
1 verbose cli   'test:audit' ]
2 info using npm@6.4.1
3 info using node@v11.2.0
4 verbose run-script [ 'pretest:audit', 'test:audit', 'posttest:audit' ]
5 info lifecycle preact-demo@1.0.0~pretest:audit: preact-demo@1.0.0
6 info lifecycle preact-demo@1.0.0~test:audit: preact-demo@1.0.0
7 verbose lifecycle preact-demo@1.0.0~test:audit: unsafe-perm in lifecycle true
8 verbose lifecycle preact-demo@1.0.0~test:audit: PATH: /home/emilis/Downloads/node-v11.2.0-linux-x64/lib/node_modules/npm/node_modules/npm-lifecycle/node-gyp-bin:/home/emilis/work/augmented-writter/preact-demo/node_modules/.bin:/home/emilis/Downloads/node-v11.2.0-linux-x64/lib/node_modules/npm/node_modules/npm-lifecycle/node-gyp-bin:/home/emilis/work/augmented-writter/preact-demo/node_modules/.bin:/home/emilis/.npm-packages/bin:/home/emilis/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
9 verbose lifecycle preact-demo@1.0.0~test:audit: CWD: /home/emilis/work/augmented-writter/preact-demo
10 silly lifecycle preact-demo@1.0.0~test:audit: Args: [ '-c', 'npm audit' ]
11 silly lifecycle preact-demo@1.0.0~test:audit: Returned: code: 1  signal: null
12 info lifecycle preact-demo@1.0.0~test:audit: Failed to exec test:audit script
13 verbose stack Error: preact-demo@1.0.0 test:audit: `npm audit`
13 verbose stack Exit status 1
13 verbose stack     at EventEmitter.<anonymous> (/home/emilis/Downloads/node-v11.2.0-linux-x64/lib/node_modules/npm/node_modules/npm-lifecycle/index.js:301:16)
13 verbose stack     at EventEmitter.emit (events.js:182:13)
13 verbose stack     at ChildProcess.<anonymous> (/home/emilis/Downloads/node-v11.2.0-linux-x64/lib/node_modules/npm/node_modules/npm-lifecycle/lib/spawn.js:55:14)
13 verbose stack     at ChildProcess.emit (events.js:182:13)
13 verbose stack     at maybeClose (internal/child_process.js:978:16)
13 verbose stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:265:5)
14 verbose pkgid preact-demo@1.0.0
15 verbose cwd /home/emilis/work/...some-path.../preact-demo
16 verbose Linux 4.15.0-43-generic
17 verbose argv "/home/emilis/Downloads/node-v11.2.0-linux-x64/bin/node" "/home/emilis/bin/npm" "run" "test:audit"
18 verbose node v11.2.0
19 verbose npm  v6.4.1
20 error code ELIFECYCLE
21 error errno 1
22 error preact-demo@1.0.0 test:audit: `npm audit`
22 error Exit status 1
23 error Failed at the preact-demo@1.0.0 test:audit script.
23 error This is probably not a problem with npm. There is likely additional logging output above.
24 verbose exit [ 1, true ]

Reproduction Steps

Run npm audit in a project.

Details

The issue happens sometimes when I run npm audit via another npm script.

In this instance npm test.

Excerpt from package.json:

    "test": "npm run test:eslint && npm run test:sasslint && npm run test:jest && npm run test:audit",
    "test:audit": "npm audit",

Platform Info

$ npm --versions
{ 'preact-demo': '1.0.0',
  npm: '6.4.1',
  ares: '1.15.0',
  cldr: '34.0',
  http_parser: '2.8.0',
  icu: '63.1',
  modules: '67',
  napi: '3',
  nghttp2: '1.34.0',
  node: '11.2.0',
  openssl: '1.1.0i',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.23.2',
  v8: '7.0.276.38-node.11',
  zlib: '1.2.11' }

$ node -p process.platform
linux

`npm audit` fails on Node 8 and 10 with "audit Your configured registry (https://registry.npmjs.org/) does not support audit requests."
Seeing ENOAUDIT errors from default registry
(Jordan Foreman) #2

Any updates on this? Found this conversation addressing this at the CLI level, but it’d be nice to know whether or not the server-side issue is being worked on.

We recently added npm audits to our CI/CD pipeline, and we’re hitting this issue infrequently, leading to a non-trivial amount of false negatives in our pipeline.

We can probably anticipate this behavior of the audit endpoint and automate a retry, but that seems like an unsustainable band-aid.
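
The automated retry mentioned above, sketched as an added example (not part of the original posts and not npm's own code): it retries only when the output carries the `ENOAUDIT` code seen in this thread, and returns a distinct exit status when no verdict was obtained, so a registry outage is neither reported as a finding nor passed as a clean audit. `AUDIT_CMD`, `AUDIT_TRIES`, `AUDIT_DELAY` and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: retry wrapper for `npm audit` that fails closed.
# AUDIT_CMD, AUDIT_TRIES and AUDIT_DELAY are names invented for this sketch.

AUDIT_CMD=${AUDIT_CMD:-"npm audit"}   # command to run; overridable for testing
AUDIT_TRIES=${AUDIT_TRIES:-4}         # total attempts before giving up
AUDIT_DELAY=${AUDIT_DELAY:-5}         # seconds before first retry, doubled each time

# Classify one run from its exit status and combined output.
# Prints one of: clean | findings | unavailable
classify_audit() {
    # $1 = exit status, $2 = captured stdout+stderr
    if [ "$1" -eq 0 ]; then
        echo clean
    elif printf '%s\n' "$2" | grep -q 'ERR! code ENOAUDIT'; then
        echo unavailable        # registry did not answer the audit request
    else
        echo findings           # non-zero without ENOAUDIT: a real failure
    fi
}

# Exit status: 0 = clean, 1 = findings or other failure, 2 = no verdict obtained.
audit_with_retry() {
    _try=1
    _delay=$AUDIT_DELAY
    while :; do
        _out=$($AUDIT_CMD 2>&1) && _rc=0 || _rc=$?
        printf '%s\n' "$_out"                 # keep the report in the CI log
        case $(classify_audit "$_rc" "$_out") in
            clean)    return 0 ;;
            findings) return 1 ;;             # never retried, never masked
        esac
        [ "$_try" -ge "$AUDIT_TRIES" ] && break
        echo "audit unavailable (attempt $_try/$AUDIT_TRIES), retrying in ${_delay}s" >&2
        sleep "$_delay"
        _try=$((_try + 1))
        _delay=$((_delay * 2))
    done
    echo "no audit verdict after $AUDIT_TRIES attempts; failing closed" >&2
    return 2
}

# In a CI step: audit_with_retry || exit $?
```

Exit status 2 lets the pipeline mark the job as "audit not performed" and alert on it separately from a build that has real findings.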


(Frédéric Harper) #3

@JordanForeman: our support team is mostly available from 6AM - 6PM Pacific Time so someone will get back to you soon.


(Emilis Dambauskas (Tokenmill)) #4

Succeeded in getting this error directly via npm audit:

preact-demo$ npm audit
npm ERR! code ENOAUDIT
npm ERR! audit Your configured registry (https://registry.npmjs.org/) does not support audit requests.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/emilis/.npm/_logs/2019-01-15T15_36_29_473Z-debug.log

debug.log:

$ cat /home/emilis/.npm/_logs/2019-01-15T15_36_29_473Z-debug.log
0 info it worked if it ends with ok
1 verbose cli [ '/home/emilis/Downloads/node-v11.2.0-linux-x64/bin/node',
1 verbose cli   '/home/emilis/bin/npm',
1 verbose cli   'audit' ]
2 info using npm@6.4.1
3 info using node@v11.2.0
4 verbose npm-session 1c5b33e83ba090b7
5 timing audit compress Completed in 17ms
6 info audit Submitting payload of 107466 bytes
7 http fetch POST 503 https://registry.npmjs.org/-/npm/v1/security/audits 13097ms
8 verbose stack Error: Your configured registry (https://registry.npmjs.org/) does not support audit requests.
8 verbose stack     at Bluebird.all.spread.then.catch (/home/emilis/Downloads/node-v11.2.0-linux-x64/lib/node_modules/npm/lib/audit.js:172:18)
8 verbose stack     at tryCatcher (/home/emilis/Downloads/node-v11.2.0-linux-x64/lib/node_modules/npm/node_modules/bluebird/js/release/util.js:16:23)
8 verbose stack     at Promise._settlePromiseFromHandler (/home/emilis/Downloads/node-v11.2.0-linux-x64/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:512:31)
8 verbose stack     at Promise._settlePromise (/home/emilis/Downloads/node-v11.2.0-linux-x64/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:569:18)
8 verbose stack     at Promise._settlePromise0 (/home/emilis/Downloads/node-v11.2.0-linux-x64/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:614:10)
8 verbose stack     at Promise._settlePromises (/home/emilis/Downloads/node-v11.2.0-linux-x64/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:689:18)
8 verbose stack     at Async._drainQueue (/home/emilis/Downloads/node-v11.2.0-linux-x64/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:133:16)
8 verbose stack     at Async._drainQueues (/home/emilis/Downloads/node-v11.2.0-linux-x64/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:143:10)
8 verbose stack     at Immediate.Async.drainQueues [as _onImmediate] (/home/emilis/Downloads/node-v11.2.0-linux-x64/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:17:14)
8 verbose stack     at processImmediate (timers.js:632:19)
9 verbose cwd /home/emilis/...some-path.../preact-demo
10 verbose Linux 4.15.0-43-generic
11 verbose argv "/home/emilis/Downloads/node-v11.2.0-linux-x64/bin/node" "/home/emilis/bin/npm" "audit"
12 verbose node v11.2.0
13 verbose npm  v6.4.1
14 error code ENOAUDIT
15 error audit Your configured registry (https://registry.npmjs.org/) does not support audit requests.
16 verbose exit [ 1, true ]

(Emilis Dambauskas (Tokenmill)) #5

Geographically, the error happened both on my machine in Vilnius, Lithuania (via same ISP, but different locations) and on our GitLab CI servers (which is somewhere in the clouds).


(Emilis Dambauskas (Tokenmill)) #6

Attaching my
package-lock.json (621.9 KB)


(Frédéric Harper) #7

I can reproduce it also. Seems like a server issue. I’ll talk to the team, sorry about that.


(Frédéric Harper) #8

Our team is looking at it right now, thanks for letting us know @emilis-tm


(Frédéric Harper) #9

It should be better now, but we are still working on a fix.


(Frédéric Harper) #10

@emilis-tm: let me know how it goes please.


(Emilis Dambauskas (Tokenmill)) #11

I cannot reproduce the error anymore. I ran npm audit ~30 times, our npm test script 10 times in a row and ran the test suite in the CI. They all finished without errors.

Not sure what you did, but it seems fixed for now :slight_smile:


(Daniel Kurzynski) #12

We have the same issue. We use npm audit in our build pipeline and it often fails. (1 out of 3).

npm ERR! code ENOAUDIT
npm ERR! audit Your configured registry (https://registry.npmjs.org/) does not support audit requests.

npm ERR! A complete log of this run can be found in:

I extended audit.js a bit and could extract the following error response from npm:

{ Error: 503 No backends available - POST https://registry.npmjs.org/-/npm/v1/security/audits
    at res.buffer.catch.then.body (/usr/local/lib/node_modules/npm/node_modules/npm-registry-fetch/check-response.js:94:15)
    at process.internalTickCallback (internal/process/next_tick.js:77:7)
  headers:
   [Object: null prototype] {
     date: [ 'Wed, 16 Jan 2019 10:00:17 GMT' ],
     'content-type': [ 'application/json' ],
     'content-length': [ '42' ],
     connection: [ 'keep-alive' ],
     'set-cookie':
      [ '__cfduid=*******; expires=Thu, 16-Jan-20 10:00:04 GMT; path=/; domain=.registry.npmjs.org; HttpOnly' ],
     'expect-ct':
      [ 'max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"' ],
     vary: [ 'Accept-Encoding' ],
     server: [ 'cloudflare' ],
     'cf-ray': [ '499fbba17f78bd98-AMS' ],
     'x-fetch-attempts': [ '1' ] },
  statusCode: 503,
  code: 'E503',
  method: 'POST',
  uri: 'https://registry.npmjs.org/-/npm/v1/security/audits',
  body: { message: 'No frontdoor hosts available' },
  message:
   '503 No backends available - POST https://registry.npmjs.org/-/npm/v1/security/audits' }

(Emilis Dambauskas (Tokenmill)) #13

Can confirm I am seeing the npm ERR! code ENOAUDIT again :slightly_frowning_face:.

5 of 20 npm audit runs resulted in this error.


(Emilis Dambauskas (Tokenmill)) #14

The successful npm audit calls take ~2-4 seconds.
The ENOAUDIT take ~14-15 seconds.

I am using this shell script to test:

    for (( i=0; $i < 20; i= $i + 1 )) do echo $i; date; npm audit; date; sleep 1; done

The output looks like this:

0
Tr saus. 16 12:19:30 EET 2019
                                                                                
                       === npm audit security report ===                        
                                                                                
found 0 vulnerabilities
 in 27550 scanned packages
Tr saus. 16 12:19:32 EET 2019
1
Tr saus. 16 12:19:33 EET 2019
                                                                                
                       === npm audit security report ===                        
                                                                                
found 0 vulnerabilities
 in 27550 scanned packages
Tr saus. 16 12:19:35 EET 2019
2
Tr saus. 16 12:19:36 EET 2019
npm ERR! code ENOAUDIT
npm ERR! audit Your configured registry (https://registry.npmjs.org/) does not support audit requests.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/emilis/.npm/_logs/2019-01-16T10_19_50_560Z-debug.log
Tr saus. 16 12:19:50 EET 2019
3
Tr saus. 16 12:19:51 EET 2019
                                                                                
                       === npm audit security report ===                        
                                                                                
found 0 vulnerabilities
 in 27550 scanned packages
Tr saus. 16 12:19:54 EET 2019

...

(Florian Wilhelm) #15

For running npm audit as part of a CI/CD pipeline, this issue is quite bad, as it makes our pipeline often fail for no good reason. Is there any way to cache the audits database with a third party registry, such as nexus open source? I can’t find any docs on this.

Any idea when this will be resolved?


(Frédéric Harper) #16

Sorry about that, we are working on it, but the problem should have been diminished a lot since yesterday. I’ll get back to you as soon as I have more information on the status of this.


(Frédéric Harper) #17

We are actually making infrastructure changes to be sure it won’t happen again. ETA should be about 2 hours. I’ll update this thread, but in the meantime, you can also follow on the status page.


(Jordan Foreman) #18

Just a quick heads up: we saw this occur again just 15 minutes ago. Not sure if that’s a side effect of the in-flight infrastructure changes or not.


(Frédéric Harper) #19

FYI, you shouldn’t get any more 503s for now, but to ensure it will be completely solved, we are providing more capacity to this service.

Let me know if you have any more problems, but it should be good now.

Thanks for your patience.


(Emilis Dambauskas (Tokenmill)) #20

No errors on my end for the last couple of hours.

Will see how it works tomorrow.