Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Enable audit command for enterprise registry npm

My question is about how to enable npm audit command in my npm enterprise registry

When I am trying to run npm audit command i am getting the following error

{
  "error": {
    "code": "ENOAUDIT",
    "summary": "Your configured registry (https://registry.npmjs.mydomain/) does not support audit requests.",
    "detail": ""
  }
}

Here is my research

I tried with the following command and its working

npm audit --json --registry https://registry.npmjs.org/

But when I use

npm audit --json --registry https://registry.npmjs.mydomain/

It does not work. How can I configure to make my registry to work with npm audit command

like image 718
Anil Kumar R Avatar asked Jul 13 '18 11:07

Anil Kumar R


People also ask

Is npm audit fix -- force?

If the chain of metavulnerabilities extends all the way to the root project, and it cannot be updated without changing its dependency ranges, then npm audit fix will require the --force option to apply the remediation.

How do I check my npm registry?

You can show the registry of a specific package with the npm view command. When you use npm config get registry you will see the default registry.


2 Answers

I have the same problem. We're using artifactory for private npm registry which doesn't support npm audit yet. Simplest solution which works for me is:

npm audit --registry=https://registry.npmjs.org

Alternative solution:

  1. backup config file for your private registry (most probably it's ~/.npmrc)
  2. change registry on public npm: npm set registry https://registry.npmjs.org
  3. use npm audit / npm audit fix
  4. revert private registry configuration back

Update 2020

In case of artifactory private npm registry - It does support npm audit now, so you can use npm audit / npm audit fix there without any additional configuration. But if your private npm registry still doesn't support npm audit – steps above will be valid for you.

like image 114
Ihor Avatar answered Oct 06 '22 19:10

Ihor


Jfrog Artifactory now fully support the 'npm audit' command (since version 6.10)

Furthermore, Using Jfrog Xray in combination with Artifactory will also enrich the audit report with more vulnerabilities and security info From Xray database.

https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory6.10

like image 1
Yoaz Menda Avatar answered Oct 06 '22 19:10

Yoaz Menda