Usage with Yarn #249

Open
jahilldev opened this issue Sep 9, 2020 · 1 comment

jahilldev commented Sep 9, 2020

First of all, thanks for this!

I'm trying to use this with yarn but I get the following error:

$ yarn audit --json|npm-audit-reporter-teamcity

{"type":"warning","data":"Resolution field \"[email protected]\" is incompatible with requested version \"minimatch@^2.0.1\""}
{"type":"warning","data":"Resolution field \"[email protected]\" is incompatible with requested version \"minimatch@^2.0.1\""}
{"type":"warning","data":"Resolution field \"[email protected]\" is incompatible with requested version \"lodash@~1.0.1\""}
{"type":"warning","data":"Resolution field \"[email protected]\" is incompatible with requested version \"minimatch@~0.2.11\""}
{"type":"warning","data":"Resolution field \"[email protected]\" is incompatible with requested version \"minimatch@~0.2.11\""}
undefined:2
{"type":"auditAdvisory","data":{"resolution":{"id":1500,"path":"stylelint>meow>yargs-parser","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"10.1.0","paths":["stylelint>meow>yargs-parser","ts-jest>yargs-parser"]}],"id":1500,"created":"2020-03-26T19:21:50.174Z","updated":"2020-05-01T01:05:15.020Z","deleted":null,"title":"Prototype Pollution","found_by":{"link":"","name":"Snyk Security Team","email":""},"reported_by":{"link":"","name":"Snyk Security Team","email":""},"module_name":"yargs-parser","cves":[],"vulnerable_versions":"<13.1.2 || >=14.0.0 <15.0.1 || >=16.0.0 <18.1.2","patched_versions":">=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2","overview":"Affected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects.  \nParsing the argument `--foo.__proto__.bar baz'

SyntaxError: Unexpected token { in JSON at position 1278
    at JSON.parse (<anonymous>)
    at Socket.<anonymous> (C:\git\vouchercloud-idl\IDL.Web.Vc\node_modules\npm-audit-reporter-teamcity\dist\index.js:12:19)
    at Socket.emit (events.js:203:15)
    at endReadableNT (_stream_readable.js:1145:12)
    at process._tickCallback (internal/process/next_tick.js:63:19)
error Command failed with exit code 1.

Do you have any suggestions?

Any help much appreciated!

Thanks

@cy6erskunk
Owner

Hi @jhukdev! Sorry for the long silence, it looks like I've messed up my GitHub notification settings somehow...

yarn audit processing is broken atm, I'm checking if there is any simple solution (its output is quite different, actually).
The only workaround I could suggest now is to generate package-lock.json file to enable usage of npm audit command and use it instead, removing package-lock.json afterward, e.g.
npm i --package-lock-only && npm audit --json|npm-audit-reporter-teamcity && rm package-lock.json

Sorry for the inconvenience.
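
An added example, not code from npm-audit-reporter-teamcity: the `SyntaxError` in the issue is what `JSON.parse` gives when handed several newline-separated JSON objects at once, which is how `yarn audit --json` prints its results. The sketch below reads that stream line by line instead; `parseYarnAudit` is a hypothetical name, the sample input is constructed from the output quoted above, and the `severity` field is assumed from the npm advisory format.

```javascript
// Added example: parse `yarn audit --json` output, which is one JSON object
// per line, instead of calling JSON.parse on the whole stream.
function parseYarnAudit(text) {
  const advisories = new Map(); // advisory id -> merged record
  const skipped = [];           // 1-based numbers of lines that were not valid JSON
  let summary = null;

  text.split(/\r?\n/).forEach((line, idx) => {
    if (!line.trim()) return;
    let event;
    try {
      event = JSON.parse(line);
    } catch (err) {
      skipped.push(idx + 1); // record the bad line and keep going
      return;
    }
    if (event.type === 'auditSummary') {
      summary = event.data;
    } else if (event.type === 'auditAdvisory') {
      const { advisory, resolution } = event.data;
      // The same advisory can arrive once per dependency path; merge by id.
      const entry = advisories.get(advisory.id) || {
        id: advisory.id, module: advisory.module_name, title: advisory.title,
        severity: advisory.severity, patched: advisory.patched_versions, paths: [],
      };
      if (!entry.paths.includes(resolution.path)) entry.paths.push(resolution.path);
      advisories.set(advisory.id, entry);
    }
    // Other event types (e.g. "warning") carry no findings and are ignored.
  });
  return { advisories: [...advisories.values()], skipped, summary };
}

// Constructed sample modelled on the output in the issue (fields trimmed).
const PATCHED = '>=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2';
const advisoryLine = (path) => JSON.stringify({
  type: 'auditAdvisory',
  data: {
    resolution: { id: 1500, path },
    advisory: { id: 1500, title: 'Prototype Pollution', module_name: 'yargs-parser',
                severity: 'low', patched_versions: PATCHED },
  },
});
const SAMPLE = [
  '{"type":"warning","data":"Resolution field is incompatible with requested version"}',
  advisoryLine('stylelint>meow>yargs-parser'),
  advisoryLine('ts-jest>yargs-parser'),
  '{"type":"auditAdvisory","data":{"resolu', // constructed truncated line
  '{"type":"auditSummary","data":{"vulnerabilities":{"low":2}}}',
].join('\n');
```

Reporting the `skipped` line numbers alongside the advisories keeps a malformed line visible in the build log instead of silently shrinking the audit result.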
