Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-26779

Npm audit fails for offline repository

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Resolution: Done
    • Affects Version/s: 7.27.0
    • Fix Version/s: None
    • Component/s: Artifactory
    • Labels:
      None
    • Location:
      External

      Description

      Problem description: When the npm client is configured with a virtual and the remote repository inside is offline, the npm audit command fails. This audit command should return results as Artifactory is connected to Xray and therefore should return the results from Xray

      Environment details: Art:  7.27.10, Xray:  3.38.2.

      What is the impact to the customer - What are they trying to achieve? They’re trying to run the npm audit command while having the remote repository offline

      Steps to reproduce:

      1. Set up Artifactory and Xray 
      2. Create a virtual npm repo with a local and remote (npmjs) that’s indexed in Xray
      3. Install an npm package from the virtual repository
      4. Turn the remote npm repo offline
      5. Execute the $ npm audit command

      Expected: npm audit returns results from Xray

      Actual: the npm client fails with the following error:

      > npm audit
      npm ERR! code ENOAUDIT
      npm ERR! audit Your configured registry (http://ART_URL/artifactory/api/npm/npm/) may not support audit requests, or the audit endpoint may be temporarily unavailable.
      

      Here are the relevent request/service logs (see below for full stacktrace):

      artifactory-request:

      2022-01-02T06:53:13.207Z|69b254659dc06af2|<IP>|anonymous|POST|/api/npm/Maya-Virtual-Npm/-/npm/v1/security/audits/quick|500|1915|0|7|npm/6.13.4 node/v12.16.1 win32 x64

      artifactory-service:

      2022-01-02T06:53:13.206Z [jfrt ] [ERROR] [69b254659dc06af2] [c.e.m.GlobalExceptionMapper:48] [p-nio-8081-exec-5085] - Repo is offline. Cannot use the HTTP client.
      java.lang.IllegalStateException: Repo is offline. Cannot use the HTTP client.
      at org.artifactory.repo.HttpRepo.getHttpClient(HttpRepo.java:1100)
      

      It’s worth noting that after removing the remote repo from the virtual, the npm audit succeeds, pulling the report from Xray:

      artifactory-request.log:

      2022-02-08T11:25:35.969Z|79a97d3038b3c360|<IP>|admin|POST|/api/npm/npm/-/npm/v1/security/audits|200|889|0|92|npm/6.14.4 node/v12.16.2 darwin x64
      

      searching for the trace id in xray-request:

      xray-request.log:2022-02-08T11:25:35.949Z|79a97d3038b3c360|<IP>|jfrt@01fnb3kt87gmn81tj682980dey|POST|/api/v1/audit/npm|200|-1|2973|62.504000|XrayJavaClient/1.0.8

      Onprem

       

       

      Workaround: Turn the repository back online but this defeats the purpose of having the offline option

        Attachments

          Activity

              People

              Assignee:
              Unassigned
              Reporter:
              samr Sam Rosenstein
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Sync Status

                  Connection: RTFACT Sync
                  RTMID-26789 -
                  SYNCHRONIZED
                  • Last Sync Date: