Running NPM Audit gives 503 ENOAUDIT error

(Phil Saville) #1

What I Wanted to Do

I am running npm audit --registry= in the console and am expecting to see any security issues or vulnerabilities to be shown

What Happened Instead

Instead I got the error

npm ERR! code ENOAUDIT
npm ERR! audit Your configured registry ( does not support audit requests, or the audit endpoint is temporarily unavailable.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/name/.npm/_logs/2019-02-20T13_40_37_407Z-debug.log

and within the debug log I get the following…

0 info it worked if it ends with ok
1 verbose cli [ '/Users/name/.nvm/versions/node/v10.5.0/bin/node',
1 verbose cli   '/Users/name/.nvm/versions/node/v10.5.0/bin/npm',
1 verbose cli   'audit',
1 verbose cli   '--registry=' ]
2 info using npm@6.8.0
3 info using node@v10.5.0
4 verbose npm-session 7652a7ad12ca5c99
5 http fetch POST 503 13269ms
6 verbose stack Error: Your configured registry ( does not support audit requests, or the audit endpoint is temporarily unavailable.
6 verbose stack     at Bluebird.all.spread.then.catch (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/lib/audit.js:201:18)
6 verbose stack     at tryCatcher (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/util.js:16:23)
6 verbose stack     at Promise._settlePromiseFromHandler (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:512:31)
6 verbose stack     at Promise._settlePromise (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:569:18)
6 verbose stack     at Promise._settlePromise0 (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:614:10)
6 verbose stack     at Promise._settlePromises (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:690:18)
6 verbose stack     at _drainQueueStep (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:138:12)
6 verbose stack     at _drainQueue (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:131:9)
6 verbose stack     at Async._drainQueues (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:147:5)
6 verbose stack     at Immediate.Async.drainQueues [as _onImmediate] (/Users/name/.nvm/versions/node/v10.5.0/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:17:14)
6 verbose stack     at runCallback (timers.js:696:18)
6 verbose stack     at tryOnImmediate (timers.js:667:5)
6 verbose stack     at processImmediate (timers.js:649:5)
7 verbose cwd /Users/directory
8 verbose Darwin 18.0.0
9 verbose argv "/Users/name/.nvm/versions/node/v10.5.0/bin/node" "/Users/name/.nvm/versions/node/v10.5.0/bin/npm" "audit" "--registry="
10 verbose node v10.5.0
11 verbose npm  v6.8.0
12 error code ENOAUDIT
13 error audit Your configured registry ( does not support audit requests, or the audit endpoint is temporarily unavailable.
14 verbose exit [ 1, true ]

Reproduction Steps

Can be reproduced by running npm audit --registry=


Until last week this command worked fine on this project. I can’t see any changes that would cause it to stop working, and it also works on another application on my local machine

Platform Info

$ npm --versions
{ 'project': '5.27.0',
  npm: '6.8.0',
  ares: '1.14.0',
  cldr: '33.0',
  http_parser: '2.8.0',
  icu: '61.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.32.0',
  node: '10.5.0',
  openssl: '1.1.0h',
  tz: '2018c',
  unicode: '10.0',
  uv: '1.20.3',
  v8: '',
  zlib: '1.2.11' }
$ node -p process.platform
(Lars Willighagen) #2

I see you moved the topic out of the #bugs category, is npm audit working again?

(Phil Saville) #3

No I’m still persistently getting the same error… was unsure if bugs or support was the right place to put this though

(Lars Willighagen) #4

It definitely shouldn’t happen, but I don’t know if it’s a bug either. It could be a local network problem, but it could just as well be the CLI producing invalid data.

(Phil Saville) #5

I thought it could be a local network problem too but the problem seems localised.

Within the application that I’m trying to run npm audit against we have 2 package files, 1 file sits at the root, and the other sits nested in a child directory. Running the audit on the parent package works fine, but running against the child package creates the error above.

(Lars Willighagen) #6

I don’t see the same error with just that information. Can you post the child package-lock.json, or abnormal parts of it? For example, we’ve had problems with audits that contain removed versions of event-stream.

(Phil Saville) #7

Attached is the package-lock.json.

I did look previously and see some other posts mentioning event-stream but I’m using 3.3.2 which seemed to be ok

package-lock.json (966.3 KB)

1 Like
(Lars Willighagen) #8

To my surprise, I was able to reproduce this issue (together with a package.json based on this lock, I forgot to ask about that). Unfortunately I don’t have the time right now to figure out why. Attached is the package.json I generated if other people want to take a look.

package.json (5.4 KB)

(Phil Saville) #9

Thanks for taking a look… if you believe it’s something in the package then I will spend some more time looking a particular module

(Phil Saville) #10

For reference and in case anyone else sees this thread… the issues seems to lie with the @storybook/react package… just trying to work out why

(Pedr Browne) #11

@savlaaaar did you resolve this issue?

1 Like
(Volodymyr Parlah) #12

Last couple days I receiving ENOAUDIT error when trying to run npm audit command. Error occurring randomly, I got about 7 fails from 10 runs…