When I try to execute npm audit
in my (Angular 7) app, I get the following npm error:
npm ERR! code ENOAUDIT
npm ERR! audit Your configured registry (https://nexus.xxx.com/repository/yyy/) does not support audit requests, or the audit endpoint is temporarily unavailable.
Does anyone know how I can get Nexus to support npm audit
?
In addition, Nexus Repository Manager supports running your own private registry, also known as a hosted repository, using the npm format.
As noted in the linked JIRA (NEXUS-16954), it should be possible to workaround NXRM by using npm audit --registry=https://registry.npmjs.org
.
UPDATE (May 11th 2020): As of NXRM version 3.23, npm audit should work with systems that have Sonatype Firewall or IQ server configured. The message returned should no longer error but explain this. A further JIRA ticket has been opened to track desire for this command to work without the workaround stated here but not implemented as of this update.
The solution with npm audit --registry=https://registry.npmjs.org
only works if your npm client has internet access to registry.npmjs.org.
If this is not the case and you don't want to pay for Nexus Firewall or Nexus Lifecycle, you can set up another proxy that redirects all calls to https://nexus.xxx.com/repository/yyy/-/npm/v1/security/audits and all of its subpaths to https://registry.npmjs.org/-/npm/v1/security/audits.
Something like https://github.com/chovyy/npm-audit-proxy might be helpful.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With