[BUG] NPM project directory validation fails in monorepo #278

Open
julianna-ciq opened this issue Oct 28, 2024 · 1 comment

julianna-ciq commented Oct 28, 2024

Describe the bug

When auditjs runs, it detects what kind of package it's in. For NPM, it does that by checking to see if there's an npm_modules folder. However, if you run auditjs from a monorepo sub-package, that sub-package may not have a node_modules folder.

To Reproduce
Steps to reproduce the behavior:

  1. Create a monorepo with a folder structure like this:
    /root/
    /root/package.json
    /root/package-lock.json
    /root/node_modules/
    /root/packages/my-subpackage/package.json
    /root/packages/my-subpackage/package-lock.json
    /root/packages/my-subpackage/custom-whitelist.json
  2. cd root/packages/my-subpackage
  3. npx auditjs ossi --whitelist custom-whitelist.json

Expected behavior
I expect that auditjs will successfully detect that this is an npm package, since there is a package-lock.json file.

Instead, you get an error:

AuditJS version: 4.0.45

√ Starting application
[2024-10-28T10:08:39.535] [ERROR] auditjs - Failed project directory validation. Are you in a (built) node, yarn, or bower project directory?
Error: Could not instantiate muncher
    at new Application (C:...\AppData\Local\npm-cache_npx\9fdf97b2057c04c8\node_modules\auditjs\bin\Application\Application.js:72:19)
    at Object.<anonymous> (C:...\AppData\Local\npm-cache_npx\9fdf97b2057c04c8\node_modules\auditjs\bin\index.js:206:23)
    at Module._compile (node:internal/modules/cjs/loader:1358:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1416:10)
    at Module.load (node:internal/modules/cjs/loader:1208:32)
    at Module._load (node:internal/modules/cjs/loader:1024:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:174:12)
    at node:internal/main/run_main_module:28:49

Desktop (please complete the following information):

  • OS: Windows 10
  • NodeJS Version: 20.13.1
  • Version: 4.0.45

Additional context

Code flow is:

  1. Check to see if the package is an NPM package
  2. By checking to see if there's a node_modules folder

Proposal
This could be addressed in a few different ways:

  1. Provide a --root flag, that points to where the node_modules go. If auditjs must process a node_modules folder, I believe this is the best answer.
  2. Check for package-lock.json, instead of / alternative to the node_modules folder
  3. Similar to the --bower flag, provide a --npm flag that just forces into the NPM mode.

I am open to contributing this change. Please advise if you are interested, and which change you'd prefer.

cc @bhamail / @DarthHater / @allenhsieh / @Slim-Shary
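
The detection order from proposals 1 and 2 above, as an added example that is not part of the issue or of AuditJS's code. The function names and the `root` parameter are hypothetical, and the sample monorepo is constructed in a temp directory to match the layout in the reproduction steps.

```javascript
// Added example, not AuditJS source; all function and option names are hypothetical.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

const has = (dir, name) => fs.existsSync(path.join(dir, name));

// What the issue describes today: only the working directory is inspected.
const strictCheck = (cwd) => has(cwd, 'node_modules');

// Nearest ancestor holding BOTH package.json and node_modules. Requiring the
// manifest avoids auditing a stray node_modules (for example in a home
// directory), which would report on the wrong dependency tree.
function findHoistedModules(startDir) {
  let dir = path.resolve(startDir);
  for (;;) {
    if (has(dir, 'package.json') && has(dir, 'node_modules')) {
      return path.join(dir, 'node_modules');
    }
    const parent = path.dirname(dir);
    if (parent === dir) return null; // reached the filesystem root
    dir = parent;
  }
}

// Proposal 1 (explicit root) takes priority, then the local folder, then
// proposal 2 (lockfile present, dependencies hoisted to an ancestor).
function detectNpmProject(cwd, root) {
  if (root) {
    const modulesDir = path.join(path.resolve(root), 'node_modules');
    const ok = fs.existsSync(modulesDir);
    return { isNpm: ok, via: 'root', modulesDir: ok ? modulesDir : null };
  }
  if (has(cwd, 'node_modules')) {
    return { isNpm: true, via: 'node_modules', modulesDir: path.join(cwd, 'node_modules') };
  }
  if (has(cwd, 'package-lock.json')) {
    return { isNpm: true, via: 'package-lock.json', modulesDir: findHoistedModules(cwd) };
  }
  return { isNpm: false, via: null, modulesDir: null };
}

// Constructed sample: the monorepo layout from the issue, built in a temp dir.
function buildSampleMonorepo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'monorepo-'));
  const sub = path.join(root, 'packages', 'my-subpackage');
  fs.mkdirSync(path.join(root, 'node_modules'), { recursive: true });
  fs.mkdirSync(sub, { recursive: true });
  for (const dir of [root, sub]) {
    for (const f of ['package.json', 'package-lock.json']) fs.writeFileSync(path.join(dir, f), '{}');
  }
  return { root, sub };
}
```

When the lockfile is found but `modulesDir` comes back `null`, the caller still has to decide whether it can audit from the lockfile alone or must stop.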

bhamail commented Oct 30, 2024

Time to vote. :)
