Your configured registry (https://registry.npmjs.org/) does not support audit requests.


(James Alexander Rosen) #1

I’m having (intermittent) trouble running audits on a namespaced package:

my-computer$ node --version
v10.13.0
my-computer $ npm --version
6.4.1
my-computer $ npm audit
npm ERR! code ENOAUDIT
npm ERR! audit Your configured registry (https://registry.npmjs.org/) does not support audit requests.

npm ERR! A complete log of this run can be found in: …

The logs:

0 info it worked if it ends with ok
1 verbose cli [ '/Users/me/.nvm/versions/node/v10.13.0/bin/node',
1 verbose cli   '/Users/me/.nvm/versions/node/v10.13.0/bin/npm',
1 verbose cli   'audit' ]
2 info using npm@6.4.1
3 info using node@v10.13.0
4 verbose npm-session ae8198aa32a23cc7
5 timing audit compress Completed in 16ms
6 info audit Submitting payload of 92242 bytes
7 http fetch POST 500 https://registry.npmjs.org/-/npm/v1/security/audits 50350ms
8 verbose stack Error: Your configured registry (https://registry.npmjs.org/) does not support audit requests.
8 verbose stack     at Bluebird.all.spread.then.catch (/Users/me/.nvm/versions/node/v10.13.0/lib/node_modules/npm/lib/audit.js:172:18)
8 verbose stack     at tryCatcher (/Users/me/.nvm/versions/node/v10.13.0/lib/node_modules/npm/node_modules/bluebird/js/release/util.js:16:23)
8 verbose stack     at Promise._settlePromiseFromHandler (/Users/me/.nvm/versions/node/v10.13.0/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:512:31)
8 verbose stack     at Promise._settlePromise (/Users/me/.nvm/versions/node/v10.13.0/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:569:18)
8 verbose stack     at Promise._settlePromise0 (/Users/me/.nvm/versions/node/v10.13.0/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:614:10)
8 verbose stack     at Promise._settlePromises (/Users/me/.nvm/versions/node/v10.13.0/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:689:18)
8 verbose stack     at Async._drainQueue (/Users/me/.nvm/versions/node/v10.13.0/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:133:16)
8 verbose stack     at Async._drainQueues (/Users/me/.nvm/versions/node/v10.13.0/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:143:10)
8 verbose stack     at Immediate.Async.drainQueues [as _onImmediate] (/Users/me/.nvm/versions/node/v10.13.0/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:17:14)
8 verbose stack     at runCallback (timers.js:705:18)
8 verbose stack     at tryOnImmediate (timers.js:676:5)
8 verbose stack     at processImmediate (timers.js:658:5)
9 verbose cwd /Users/me/Code/my-project
10 verbose Darwin 18.2.0
11 verbose argv "/Users/me/.nvm/versions/node/v10.13.0/bin/node" "/Users/me/.nvm/versions/node/v10.13.0/bin/npm" "audit"
12 verbose node v10.13.0
13 verbose npm  v6.4.1
14 error code ENOAUDIT
15 error audit Your configured registry (https://registry.npmjs.org/) does not support audit requests.
16 verbose exit [ 1, true ]

I also notice that when I ran npm install, it changed a bunch of entries in my package-lock.json along these lines:

-      "integrity": "sha512-XsP0vf4As6BfqglxZqbqQ8SR6KQot2AgxvR0gG+WtUkf90vUXchMOZQtPf/Hml1rEffJupqL/tIrU6EYhsUQjw==",
+      "integrity": "sha1-CynUHmqA+p4tSlvp1gLh2dAhd/Y=",

This was raised in GitHub as npm/npm#20960, but was closed without being addressed.


(James Alexander Rosen) #2

I have no trouble running an audit on a non-namespaced package that consumes the namespaced package in question.

The HTTP response for submitForFullReport is

HTTP 500
Date: Tue, 27 Nov 2018 21:44:26 GMT
Content-Type: application/json
Content-Length: 31
Connection: keep-alive
Set-Cookie: ,__cfduid=[REDACTED]; expires=Wed, 27-Nov-19 21:43:35 GMT; path=/; domain=.registry.npmjs.org; HttpOnly,
Expect-CT: max-age=604800 report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-Ray,4807c5702c17541a-LAX
X-Fetch-Attempts: 1

An error occurred

I don’t see much useful info in there, other than the 500, which points to an exception in the server.


(Stephanie ) #4

Try npm update then npm audit


(James Alexander Rosen) #5

Good idea! Sadly, I get the same output. I also tried

$ npm install -g npm
$ npm audit

with the same results.


(Stephanie ) #6

Since there was a recent deprecation for fsevents, delete your node_modules folder then try running npm install --> npm update --> npm audit


(Lars Willighagen) #7

See also the possibly related bug report here:

(Edit: I somehow only registered that other report as being ‘npm audit returns 500’, and not that it was specifically about flatmap-stream.)


(James Alexander Rosen) #8

@stephanie Sadly, no change after this, either.


(James Alexander Rosen) #9

@larsgw great find! Unfortunately,

$ npm ls event-stream
@fastly/fui-chrome@4.0.0 /Users/jamesrosen/Code/fui-chrome
└── (empty)

$ npm ls flatmap-stream
@fastly/fui-chrome@4.0.0 /Users/jamesrosen/Code/fui-chrome
└── (empty)

But now I have a lead that the problem might be a yanked version, even if that package isn’t event-stream or flatmap-stream.


(Stephanie ) #10

Did you delete all your npm packages/node_modules?


(James Alexander Rosen) #11

Yes:

$ rm -rf node_modules
$ npm i
$ npm update
$ npm ls event-stream
@fastly/fui-chrome@4.0.0 /Users/jamesrosen/Code/fui-chrome
└── (empty)

$ npm ls flatmap-stream
@fastly/fui-chrome@4.0.0 /Users/jamesrosen/Code/fui-chrome
└── (empty)

$ npm audit
(fails)

(James Alexander Rosen) #12

By selectively removing things from package-lock.json, then running npm audit, I’ve narrowed the problem down to a small handful of dependencies. One of them is ember-cli-pagination@^3.1.3. I haven’t made it any further than that.


(Stephanie ) #13

Hmm options you can try:

  1. Clearing your npm cache
  2. Downgrading that version of ember-cli-pagination
  3. Delete node_modules, delete package-lock.json, then run npm install, npm update, then audit.

(system) #14

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.