The Node Security Platform service has been depreciated since 30 September this year. I have been continuing using the NSP package until it finally failed today. I'd like to document the error in public so others can find it later. The error I got today: <blockquote> Error: Client request error: getaddrinfo ENOTFOUND api.nodesecurity.io api.nodesecurity.io:443 </blockquote> <pre class="prettyprint"><code>> eslint . && nsp check (+) Error: Client request error: getaddrinfo ENOTFOUND api.nodesecurity.io api.nodesecurity.io:443 npm ERR! code ELIFECYCLE npm ERR! errno 1 npm ERR! htm-gateway@1.0.1 lint: `eslint . && nsp check` npm ERR! Exit status 1 npm ERR! npm ERR! Failed at the project@1.0.1 lint script. npm ERR! This is probably not a problem with npm. There is likely additional logging output above. </code></pre>

<blockquote> "beginning with npm@6, a new command, npm audit, recursively analyzes your dependency trees to identify specifically what’s insecure, recommend a replacement, or fix it automatically with <code>npm audit fix</code>." </blockquote> Hence, updating <pre class="prettyprint"><code>nsp check </code></pre> to <pre class="prettyprint"><code>npm audit --audit-level high </code></pre> Other configurations and options can be found here Note that <code>--audit-level high</code> flag might only work for NPM version > v6.4.0 (read v6.4.0-next.0 commits) Configurable audit level for non-zero exit npm audit currently exits with exit code 1 if any vulnerabilities are found of any level. Added a flag of <code>--audit-level</code> to <code>npm audit</code> to allow it to pass if only vulnerabilities below a certain level are found. Example: <code>npm audit --audit-level=high</code> will exit with 0 if only low or moderate level vulns are detected. <hr> NPM Docs: https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities Official blog: https://blog.npmjs.org/post/175511531085/the-node-security-platform-service-is-shutting <hr> <blockquote> Updates about ignoring security advisory </blockquote> There are NPM packages made available to extend features of the new <code>npm-audit</code> command (like ignoring certain advisories), for examples: <ul> <li> audit-filter </li> <li> better-npm-audit (couldn't get the above package working, so created this package myself)</li> </ul>

Node Security service shutdown: getaddrinfo ENOTFOUND api.nodesecurity.io

The Node Security Platform service has been depreciated since 30 September this year. I have been continuing using the NSP package until it finally failed today. I'd like to document the error in public so others can find it later.

The error I got today:

Error: Client request error: getaddrinfo ENOTFOUND api.nodesecurity.io api.nodesecurity.io:443

> eslint . && nsp check

(+) Error: Client request error: getaddrinfo ENOTFOUND api.nodesecurity.io api.nodesecurity.io:443
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] lint: `eslint . && nsp check`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] lint script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

How do I fix Getaddrinfo Enotfound error?

The error getaddrinfo ENOTFOUND localhost is caused by Webpack cannot found localhost address. To solve it, open the terminal: sudo nano /etc/hosts. Add following into the hosts file and save it.

What does error Getaddrinfo Enotfound mean?

If you try to run your JSON server and see this error message “getaddrinfo ENOTFOUND localhost,” it's happening because Webpack cannot find your localhost address.

"beginning with npm@6, a new command, npm audit, recursively analyzes your dependency trees to identify specifically what’s insecure, recommend a replacement, or fix it automatically with npm audit fix."

Hence, updating

nsp check

to

npm audit --audit-level high

Other configurations and options can be found here

Note that --audit-level high flag might only work for NPM version > v6.4.0 (read v6.4.0-next.0 commits)

Configurable audit level for non-zero exit npm audit currently exits with exit code 1 if any vulnerabilities are found of any level. Added a flag of --audit-level to npm audit to allow it to pass if only vulnerabilities below a certain level are found.

Example: npm audit --audit-level=high will exit with 0 if only low or moderate level vulns are detected.

NPM Docs: https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities

Official blog: https://blog.npmjs.org/post/175511531085/the-node-security-platform-service-is-shutting

Updates about ignoring security advisory

There are NPM packages made available to extend features of the new npm-audit command (like ignoring certain advisories), for examples:

audit-filter
better-npm-audit (couldn't get the above package working, so created this package myself)

Node Security service shutdown: getaddrinfo ENOTFOUND api.nodesecurity.io

Tags:

security

node.js

npm

Jee Mok

People also ask

1 Answers

Jee Mok

Recent Activity

Donate For Us

Node Security service shutdown: getaddrinfo ENOTFOUND api.nodesecurity.io

Tags:

security

node.js

npm

Jee Mok

People also ask

1 Answers

Jee Mok

Related questions

Recent Activity

Donate For Us