Invalid package tree

I have been trying to troubleshoot an issue with OWASP Dependency Check node analyzer. Through the course of narrowing down the issue, I found sending the below JSON body to the npm audit api results in a HTTP 400 error code. Why?

{
"name": "test",
"version": "1.0.8",
"requires": {
	"is-dom": "^1.1.0"
},
"dependencies": {
	"is-dom": {
		"version": "1.1.0",
		"integrity": "sha1-rx/O0pJ0JEO7Wco/dqtegJB7Too=",
		"requires": {
			"is-object": "^1.0.1",
			"is-window": "^1.0.2"
		}
	}
},
"install": [],
"remove": [],
"metadata": {
	"npm_version": "6.11.3",
	"node_version": "v12.10.0",
	"platform": "linux"
}
}

If I remove the “requires” object of the “is-dom” dependency, it works.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.