An error occurred while analyzing 'package-lock.json' (Node Audit Analyzer)


I try to use dependency-check-maven in every test build job in Jenkins:

mvn org.owasp:dependency-check-maven:6.2.2:aggregate -DskipSystemScope=true -Dformat=ALL -DprettyPrint=true -DcentralAnalyzerEnabled=false -DassemblyAnalyzerEnabled=false -DyarnAuditAnalyzerEnabled=false -DbundleAuditAnalyzerEnabled=false -DversionCheckEnabled=true

Unfortunately I have a problem with a few projects and the Node Audit Analyzer, which checks package-lock.json files.

While the Maven plugin is running there's a warning in the log:

[WARNING] An error occurred while analyzing '/var/lib/jenkins/workspace/testbuild/project/module-web/src/main/resources/dev/package-lock.json' (Node Audit Analyzer).

which causes the final error:

[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.2.2:aggregate (default-cli) on project project: One or more exceptions occurred during dependency-check analysis: One or more exceptions occurred during analysis:
[ERROR]     AnalysisException: Failed to read results from the NPM Audit API (NodeAuditAnalyzer); the analyzer is being disabled and may result in false negatives.
[ERROR]         caused by SocketException: Connection reset
[ERROR]     AnalysisException: Failed to read results from the NPM Audit API (NodeAuditAnalyzer); the analyzer is being disabled and may result in false negatives.
[ERROR]         caused by IOException: Error writing to server

In most of the problematic projects there's only one error, SocketException: Connection reset OR IOException: Error writing to server, but sometimes both of them appear in the same build log.

To be able to use this plugin I added the parameter -DnodeAuditAnalyzerEnabled=false, but it's not a solution I want to accept.

I tried to execute Maven in debug mode. Here's the stack trace for the mentioned error:

[DEBUG] Error reading dependency or connecting to NPM Audit API
java.io.IOException: Error writing to server
    at sun.net.www.protocol.http.HttpURLConnection.writeRequests (HttpURLConnection.java:699)
    at sun.net.www.protocol.http.HttpURLConnection.writeRequests (HttpURLConnection.java:711)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0 (HttpURLConnection.java:1585)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream (HttpURLConnection.java:1492)
    at java.net.HttpURLConnection.getResponseCode (HttpURLConnection.java:480)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode (HttpsURLConnectionImpl.java:347)
    at org.owasp.dependencycheck.data.nodeaudit.NodeAuditSearch.submitPackage (NodeAuditSearch.java:176)
    at org.owasp.dependencycheck.data.nodeaudit.NodeAuditSearch.submitPackage (NodeAuditSearch.java:133)
    at org.owasp.dependencycheck.analyzer.NodeAuditAnalyzer.analyzePackage (NodeAuditAnalyzer.java:188)
    at org.owasp.dependencycheck.analyzer.NodeAuditAnalyzer.analyzeDependency (NodeAuditAnalyzer.java:145)
    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze (AbstractAnalyzer.java:131)
    at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:88)
    at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:37)
    at java.util.concurrent.FutureTask.run (FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:624)
    at java.lang.Thread.run (Thread.java:748)
[WARNING] An error occurred while analyzing '/var/lib/jenkins/workspace/testbuild/project/module-web/src/main/resources/dev/package-lock.json' (Node Audit Analyzer).
[DEBUG] 
org.owasp.dependencycheck.analyzer.exception.AnalysisException: Failed to read results from the NPM Audit API (NodeAuditAnalyzer); the analyzer is being disabled and may result in false negatives.
    at org.owasp.dependencycheck.analyzer.NodeAuditAnalyzer.analyzePackage (NodeAuditAnalyzer.java:197)
    at org.owasp.dependencycheck.analyzer.NodeAuditAnalyzer.analyzeDependency (NodeAuditAnalyzer.java:145)
    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze (AbstractAnalyzer.java:131)
    at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:88)
    at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:37)
    at java.util.concurrent.FutureTask.run (FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:624)
    at java.lang.Thread.run (Thread.java:748)
Caused by: java.io.IOException: Error writing to server
    at sun.net.www.protocol.http.HttpURLConnection.writeRequests (HttpURLConnection.java:699)
    at sun.net.www.protocol.http.HttpURLConnection.writeRequests (HttpURLConnection.java:711)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0 (HttpURLConnection.java:1585)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream (HttpURLConnection.java:1492)
    at java.net.HttpURLConnection.getResponseCode (HttpURLConnection.java:480)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode (HttpsURLConnectionImpl.java:347)
    at org.owasp.dependencycheck.data.nodeaudit.NodeAuditSearch.submitPackage (NodeAuditSearch.java:176)
    at org.owasp.dependencycheck.data.nodeaudit.NodeAuditSearch.submitPackage (NodeAuditSearch.java:133)
    at org.owasp.dependencycheck.analyzer.NodeAuditAnalyzer.analyzePackage (NodeAuditAnalyzer.java:188)
    at org.owasp.dependencycheck.analyzer.NodeAuditAnalyzer.analyzeDependency (NodeAuditAnalyzer.java:145)
    at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze (AbstractAnalyzer.java:131)
    at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:88)
    at org.owasp.dependencycheck.AnalysisTask.call (AnalysisTask.java:37)
    at java.util.concurrent.FutureTask.run (FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:624)
    at java.lang.Thread.run (Thread.java:748)
[INFO] Finished Node Audit Analyzer (31 seconds)

In the same log in debug mode I found the URL used by the analyzer, https://registry.npmjs.org/-/npm/v1/security/audits. Maybe this service has some limits?

I would be grateful for any help.



I was getting a similar error:

NodeAuditAnalyzer failed on ...\package-lock.json An error occurred while analyzing '...\package-lock.json' (Node Audit Analyzer).

Deleting package-lock.json and the node_modules directory then running npm install to recreate fixed the issue.


I was having a similar error when running dependency-check for an Angular application in Jenkins:

[DependencyCheck] [ERROR] Could not perform Node Audit analysis. Invalid payload submitted to Node Audit API.

Upgrading Angular from v13 to v14 solved the problem. I'm running dependency-check version 6.1.6 and node v16.18.1.
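The practical risk in the question's log is that dependency-check disables the Node Audit Analyzer and the build still passes, so the npm audit coverage is silently lost. The following added example (not code from dependency-check or from the posters) triages a build log: it extracts the package-lock.json paths that failed, separates transient network causes from the "Invalid payload" case mentioned in the second answer, and decides whether the build should be failed instead of passed. The sample log is constructed from the lines quoted on this page.

```python
import re
from collections import defaultdict

# Constructed sample log, assembled from the lines quoted in the question and the second answer.
SAMPLE_LOG = """\
[WARNING] An error occurred while analyzing '/var/lib/jenkins/workspace/testbuild/project/module-web/src/main/resources/dev/package-lock.json' (Node Audit Analyzer).
[ERROR]     AnalysisException: Failed to read results from the NPM Audit API (NodeAuditAnalyzer); the analyzer is being disabled and may result in false negatives.
[ERROR]         caused by SocketException: Connection reset
[ERROR]     AnalysisException: Failed to read results from the NPM Audit API (NodeAuditAnalyzer); the analyzer is being disabled and may result in false negatives.
[ERROR]         caused by IOException: Error writing to server
[DependencyCheck] [ERROR] Could not perform Node Audit analysis. Invalid payload submitted to Node Audit API.
[INFO] Finished Node Audit Analyzer (31 seconds)
"""

ANALYZED_RE = re.compile(r"An error occurred while analyzing '([^']+)' \(Node Audit Analyzer\)")
DISABLED_RE = re.compile(r"the analyzer is being disabled and may result in false negatives")
CAUSE_RE = re.compile(r"caused by (\w+): (.+)")
INVALID_PAYLOAD_RE = re.compile(r"Invalid payload submitted to Node Audit API")

# Coarse category for a "caused by" line: network faults are transient (retry the build),
# anything else needs a human look. The exception set is an assumption, not a dependency-check list.
NETWORK_EXCEPTIONS = {"SocketException", "IOException", "SocketTimeoutException",
                      "UnknownHostException", "ConnectException"}

def classify_cause(exc_name):
    return "network" if exc_name in NETWORK_EXCEPTIONS else "other"

def triage_node_audit(log_text):
    """Walk the log once and collect what went wrong with the Node Audit Analyzer."""
    result = {"failed_files": [], "analyzer_disabled": False,
              "causes": defaultdict(list), "invalid_payload": False}
    for line in log_text.splitlines():
        m = ANALYZED_RE.search(line)
        if m:
            result["failed_files"].append(m.group(1))   # which lockfile could not be audited
        elif DISABLED_RE.search(line):
            result["analyzer_disabled"] = True          # coverage gap: no npm audit for this build
        elif (m := CAUSE_RE.search(line)):
            result["causes"][classify_cause(m.group(1))].append(f"{m.group(1)}: {m.group(2)}")
        elif INVALID_PAYLOAD_RE.search(line):
            result["invalid_payload"] = True            # lockfile problem, not a network one
    result["causes"] = dict(result["causes"])
    return result

def should_fail_build(triage):
    """A disabled analyzer or a rejected payload means unaudited dependencies; do not report a pass."""
    return triage["analyzer_disabled"] or triage["invalid_payload"]

if __name__ == "__main__":
    t = triage_node_audit(SAMPLE_LOG)
    print(t)
    print("fail build:", should_fail_build(t))
```

Running this over the real Jenkins console output (instead of the constructed sample) lets a pipeline step retry on "network" causes and fail hard when the analyzer was disabled, rather than accepting a report with a missing analyzer.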