You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The support for npm dependencies that point to repositories, introduced in #4044 , seems to be broken, as calling 'npm view' on a package that is not in the official npm registry triggers an IOException.
09:20:59.844 [DefaultDispatcher-worker-1] ERROR org.ossreviewtoolkit.analyzer.managers.Npm - Resolving NPM dependencies for path 'package.json' failed with: IOException: Running 'npm view --json angular-tileview@0.6.1' in '[...]' failed with exit code 1:
{
"error": {
"code": "E404",
"summary": "'angular-tileview' is not in the npm registry.\nYou should bug the author to publish it\n(or use the name yourself!)\n\nNote that you can also install from a\ntarball, folder, http url, or git url.",
"detail": "\n 'angular-tileview@0.6.1' is not in the npm registry.\nYou should bug the author to publish it (or use the name yourself!)\n\nNote that you can also install from a\ntarball, folder, http url, or git url."
}
}
Furthermore, if a dependency (that points to a git repository) is also present in the official npm registry, wrong information might be pulled, as it might not be the same package.
The text was updated successfully, but these errors were encountered:
…try fails
This allows to handle packages that were never published to the NPM
registry but only ever referenced by (short) repository URL.
Fixes#5632.
Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
The support for npm dependencies that point to repositories, introduced in #4044 , seems to be broken, as calling 'npm view' on a package that is not in the official npm registry triggers an IOException.
Dependency in package.json
"angular-tileview": "github:tinydesk/angular-tileview",
Scanner output
Furthermore, if a dependency (that points to a git repository) is also present in the official npm registry, wrong information might be pulled, as it might not be the same package.
The text was updated successfully, but these errors were encountered: