docs(npm): explain situations where parsing resolved can fail

Follow up for the following discussion dependabot#7030 (comment)
yeikel · Apr 18, 2023 · 0da4006 · 0da4006
1 parent 5ff6316
commit 0da4006
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb
@@ -95,11 +95,12 @@ def inferred_npmrc # rubocop:disable Metrics/PerceivedComplexity
         known_registries = []
         JSON.parse(package_lock.content).fetch("dependencies", {}).each do |dependency_name, details|
           resolved = details.fetch("resolved", DEFAULT_NPM_REGISTRY)
-
+          
           begin
             uri = URI.parse(resolved)
           rescue URI::InvalidURIError
             # Ignoring non-URIs since they're not registries.
+            # This can happen if resolved is `false`, for instance. This can happen due to the following npm6 bug https://github.com/npm/cli/issues/1138
             next
           end