Running NPM Audit gives 503 ENOAUDIT error

What I Wanted to Do

I am running npm audit --registry=https://registry.npmjs.org in the console and am expecting to see any security issues or vulnerabilities to be shown

What Happened Instead

Instead I got the error

npm ERR! code ENOAUDIT
npm ERR! audit Your configured registry (http://registry.npmjs.org/) does not support audit requests, or the audit endpoint is temporarily unavailable.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/name/.npm/_logs/2019-02-20T13_40_37_407Z-debug.log

and within the debug log I get the following…

0 info it worked if it ends with ok
1 verbose cli [ '/Users/name/.nvm/versions/node/v10.5.0/bin/node',
1 verbose cli   '/Users/name/.nvm/versions/node/v10.5.0/bin/npm',
1 verbose cli   'audit',
1 verbose cli   '--registry=http://registry.npmjs.org' ]
2 info using npm@6.8.0
3 info using node@v10.5.0
4 verbose npm-session 7652a7ad12ca5c99
5 http fetch POST 503 http://registry.npmjs.org/-/npm/v1/security/audits 13269ms
6 verbose stack Error: Your configured registry (http://registry.npmjs.org/) does not support audit requests, or the audit endpoint is temporarily unavailable.
6 verbose stack     at Bluebird.all.spread.then.catch (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/lib/audit.js:201:18)
6 verbose stack     at tryCatcher (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/util.js:16:23)
6 verbose stack     at Promise._settlePromiseFromHandler (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:512:31)
6 verbose stack     at Promise._settlePromise (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:569:18)
6 verbose stack     at Promise._settlePromise0 (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:614:10)
6 verbose stack     at Promise._settlePromises (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:690:18)
6 verbose stack     at _drainQueueStep (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:138:12)
6 verbose stack     at _drainQueue (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:131:9)
6 verbose stack     at Async._drainQueues (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:147:5)
6 verbose stack     at Immediate.Async.drainQueues [as _onImmediate] (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:17:14)
6 verbose stack     at runCallback (timers.js:696:18)
6 verbose stack     at tryOnImmediate (timers.js:667:5)
6 verbose stack     at processImmediate (timers.js:649:5)
7 verbose cwd /Users/directory
8 verbose Darwin 18.0.0
9 verbose argv "/Users/name/.nvm/versions/node/v10.5.0/bin/node" "/Users/name/.nvm/versions/node/v10.5.0/bin/npm" "audit" "--registry=http://registry.npmjs.org"
10 verbose node v10.5.0
11 verbose npm  v6.8.0
12 error code ENOAUDIT
13 error audit Your configured registry (http://registry.npmjs.org/) does not support audit requests, or the audit endpoint is temporarily unavailable.
14 verbose exit [ 1, true ]

Reproduction Steps

Can be reproduced by running npm audit --registry=https://registry.npmjs.org

Details

Until last week this command worked fine on this project. I can’t see any changes that would cause it to stop working, and it also works on another application on my local machine

Platform Info

$ npm --versions
{ 'project': '5.27.0',
  npm: '6.8.0',
  ares: '1.14.0',
  cldr: '33.0',
  http_parser: '2.8.0',
  icu: '61.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.32.0',
  node: '10.5.0',
  openssl: '1.1.0h',
  tz: '2018c',
  unicode: '10.0',
  uv: '1.20.3',
  v8: '6.7.288.46-node.8',
  zlib: '1.2.11' }
$ node -p process.platform
darwin

I see you moved the topic out of the #bugs category, is npm audit working again?

No I’m still persistently getting the same error… was unsure if bugs or support was the right place to put this though

It definitely shouldn’t happen, but I don’t know if it’s a bug either. It could be a local network problem, but it could just as well be the CLI producing invalid data.

I thought it could be a local network problem too but the problem seems localised.

Within the application that I’m trying to run npm audit against we have 2 package files, 1 file sits at the root, and the other sits nested in a child directory. Running the audit on the parent package works fine, but running against the child package creates the error above.

I don’t see the same error with just that information. Can you post the child package-lock.json, or abnormal parts of it? For example, we’ve had problems with audits that contain removed versions of event-stream.

Attached is the package-lock.json.

I did look previously and see some other posts mentioning event-stream but I’m using 3.3.2 which seemed to be ok

package-lock.json (966.3 KB)

1 Like

To my surprise, I was able to reproduce this issue (together with a package.json based on this lock, I forgot to ask about that). Unfortunately I don’t have the time right now to figure out why. Attached is the package.json I generated if other people want to take a look.

package.json (5.4 KB)

Thanks for taking a look… if you believe it’s something in the package then I will spend some more time looking a particular module

For reference and in case anyone else sees this thread… the issues seems to lie with the @storybook/react package… just trying to work out why

@savlaaaar did you resolve this issue?

1 Like

Hello!
Last couple days I receiving ENOAUDIT error when trying to run npm audit command. Error occurring randomly, I got about 7 fails from 10 runs…

Faced the same problem. For me it is project specific error. So I guess that the problem somewhere in dependencies.

I’m getting that problem too, with npm 6.10.2. Just making sure it’s known that the bug hasn’t been fixed on the latest version.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.