Artifactory Binary Repository / RTFACT-23963

Add support for npm "Bulk Advisory"

    Details

    • Type: Improvement
    • Status: Backlog
    • Priority: 4 - Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: NPM
    • Labels: None

      Description

      From version 7.0, npm uses the much faster Bulk Advisory endpoint to optimize the speed of calculating audit results.
      https://docs.npmjs.com/cli/v7/commands/npm-audit

      Steps to reproduce:

      You can see that the request payload includes the workspace ({"<WORKSPACE>":["<VERSION>"]}).

      However, the payload of http://ART_URL/api/npm/npm/-/npm/v1/security/audits/quick does not include the workspace, which causes the user to not see any vulnerabilities.

      Meaning, npm scanning using NPM 7 with the new workspace feature is not supported.

      Tested on Artifactory 7.18.6, Xray 3.21.2, NPM 7.15.1.

      Expected results:

      The ability to scan npm using NPM 7 with the new workspace feature.

      Actual results:

      At the moment, since Artifactory does not support this endpoint, the client gets a 404 response and falls back to the "npm/v1/security/audits/quick" endpoint.
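      To make the exchange concrete, the following is an added example (not part of this issue, nor Artifactory or npm code): it builds the Bulk Advisory request body, in the {name: [versions]} shape the report describes, from a constructed lockfileVersion 2 package-lock containing one workspace, then joins a constructed reply in the bulk endpoint's shape against the installed versions the way an audit report would. The lockfile, the advisory ids, titles and version ranges are made up, and the range matcher is a deliberately minimal subset of npm's semver ranges.

```python
import re

# Constructed package-lock.json (lockfileVersion 2) with one workspace ("packages/app").
# The workspace appears as its real directory and again as a symlink under node_modules.
LOCKFILE = {"name": "root", "lockfileVersion": 2, "packages": {
    "": {"name": "root", "workspaces": ["packages/*"]},
    "packages/app": {"name": "app", "version": "1.0.0", "dependencies": {"minimist": "0.0.8"}},
    "node_modules/app": {"resolved": "packages/app", "link": True},
    "node_modules/minimist": {"version": "1.2.5"},
    "node_modules/app/node_modules/minimist": {"version": "0.0.8"},
    "node_modules/lodash": {"version": "4.17.20"}}}

# Constructed reply in the bulk-endpoint shape {name: [advisory, ...]}; ids and ranges are placeholders.
BULK_RESPONSE = {
    "minimist": [{"id": "CONSTRUCTED-1", "title": "placeholder advisory", "severity": "moderate",
                  "vulnerable_versions": "<0.2.1 || >=1.0.0 <1.2.3"}],
    "lodash": [{"id": "CONSTRUCTED-2", "title": "placeholder advisory", "severity": "high",
                "vulnerable_versions": "<4.17.21"}],
}

def bulk_payload(lockfile):
    """Body POSTed to /-/npm/v1/security/advisories/bulk: every installed version per name."""
    out = {}
    for path, meta in lockfile["packages"].items():
        if path == "" or meta.get("link"):
            continue  # the project root and workspace symlinks carry no version of their own
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]  # keeps @scope/name intact
        if meta["version"] not in out.setdefault(name, []):
            out[name].append(meta["version"])
    return out

_OPS = {"": lambda a, b: a == b, "=": lambda a, b: a == b, "<": lambda a, b: a < b,
        "<=": lambda a, b: a <= b, ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}

def satisfies(version, vulnerable_range):
    """Minimal npm range check: '||' separates alternatives, whitespace ANDs comparators."""
    v = tuple(int(x) for x in version.split("."))
    for alt in vulnerable_range.split("||"):
        comps = re.findall(r"(<=|>=|<|>|=)?\s*(\d+\.\d+\.\d+)", alt)
        if alt.strip() == "*" or (comps and all(
                _OPS[op](v, tuple(int(x) for x in bound.split("."))) for op, bound in comps)):
            return True
    return False

def audit(payload, bulk_response):
    """Join installed versions with the advisories the bulk endpoint returned (as `npm audit` reports)."""
    return sorted((name, ver, adv["severity"], adv["title"])
                  for name, advisories in bulk_response.items()
                  for ver in payload.get(name, [])
                  for adv in advisories if satisfies(ver, adv["vulnerable_versions"]))
```

      The nested minimist 0.0.8 under the workspace is only visible because the payload carries every installed version per name; a proxy that answers this POST with 404 pushes the client onto the quick endpoint and loses that result, which is the behaviour the report describes.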

            People

            Assignee: Unassigned
            Reporter: Yehuda Hadad
            Votes: 6
            Watchers: 3