Comments (8)
alexthemark
commented on May 18, 2024
1
The repo i've been using is private but I created a minimal example at https://github.com/alexthemark/example-unmet-peer-dep. If you clone that, run npm install, and run npm run build:bom, you should see the error.
Interestingly, if I have a global install of cyclonedx-npm and I run <- this was untrue, my debugging just got in the waycyclonedx-npm --output-file=bom.json from the command line, it will display the same error, but will not throw the error that fails the entire script. I see the error, but the script will continue to run and write bom.json. I'm not sure what's causing the difference (and I'm on a mac in case that might change things).
from cyclonedx-node-npm.
jkowalleck
commented on May 18, 2024
I am thinking of a cli switch to suppress/ignore errors from npm ls
Therefore it might help to have your use case as a reproducible example somehow.
Could you share your npm lock file or point me to a setup where this behavior can be seen?
from cyclonedx-node-npm.
alexthemark
commented on May 18, 2024
Adding to the above, when I run npm run build:bom I receive the following fatal error:
npm run build:bom
> [email protected] build:bom
> cyclonedx-npm --output-file=bom.json
DEBUG | options: {"packageLockOnly":false,"omit":[],"flattenComponents":false,"specVersion":"1.4","outputFormat":"JSON","outputFile":"bom.json","mcType":"application"}
DEBUG | packageFile: /Users/code/example-amplify-app/package.json
DEBUG | projectDir: /Users/code/example-amplify-app
DEBUG | lockFile: /Users/code/example-amplify-app/package-lock.json
INFO | gather dependency tree ...
DEBUG | npm-ls: run /opt/homebrew/lib/node_modules/npm/bin/npm-cli.js with ["ls","--json","--all","--long"] in /Users/code/example-amplify-app
WARN | npm-ls: STDERR
npm ERR! code ELSPROBLEMS
npm ERR! invalid: [email protected] /Users/code/example-amplify-app/node_modules/react
{
"error": {
"code": "ELSPROBLEMS",
"summary": "invalid: [email protected] /Users/code/example-amplify-app/node_modules/react",
"detail": ""
}
}
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/.npm/_logs/2022-08-29T17_45_07_711Z-debug-0.log
ERROR | npm-ls: errors
{}
/Users/code/example-amplify-app/node_modules/@cyclonedx/cyclonedx-npm/dist/builders.js:80
throw new Error(`npm-ls exited with errors: ${error.errno ?? '???'} ${error.code ?? npmLsReturns.status ?? 'noCode'} ${error.signal ?? npmLsReturns.signal ?? 'noSignal'}`);
^
Error: npm-ls exited with errors: ??? 1 noSignal
at BomBuilder.fetchNpmLs (/Users/code/example-amplify-app/node_modules/@cyclonedx/cyclonedx-npm/dist/builders.js:80:19)
at BomBuilder.buildFromLockFile (/Users/code/example-amplify-app/node_modules/@cyclonedx/cyclonedx-npm/dist/builders.js:43:41)
at Object.run (/Users/code/example-amplify-app/node_modules/@cyclonedx/cyclonedx-npm/dist/cli.js:97:19)
at Object.<anonymous> (/Users/code/example-amplify-app/node_modules/@cyclonedx/cyclonedx-npm/bin/cyclonedx-npm-cli.js:2:27)
at Module._compile (node:internal/modules/cjs/loader:1097:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1151:10)
at Module.load (node:internal/modules/cjs/loader:975:32)
at Function.Module._load (node:internal/modules/cjs/loader:822:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)
at node:internal/main/run_main_module:17:47
Node.js v17.6.0
from cyclonedx-node-npm.
jkowalleck
commented on May 18, 2024
tried to install https://github.com/alexthemark/example-unmet-peer-dep
via npm ci
got an error straight away
Click to expand the error mesage
npm ERR! code ERESOLVE npm ERR! ERESOLVE could not resolve npm ERR! npm ERR! While resolving: [email protected] npm ERR! Found: [email protected] npm ERR! node_modules/react npm ERR! react@"^18.2.0" from the root project npm ERR! peer react@">= 16.8.0" from @aws-amplify/[email protected] npm ERR! node_modules/@aws-amplify/ui-react npm ERR! @aws-amplify/ui-react@"^3.4.1" from the root project npm ERR! 14 more (@aws-amplify/ui-react-v1, @radix-ui/react-presence, ...) npm ERR! npm ERR! Could not resolve dependency: npm ERR! peer react@"17.0.2" from [email protected] npm ERR! node_modules/react-dom npm ERR! peer react-dom@">= 16.8.0" from @aws-amplify/[email protected] npm ERR! node_modules/@aws-amplify/ui-react npm ERR! @aws-amplify/ui-react@"^3.4.1" from the root project npm ERR! peer react-dom@"^16.8 || ^17.0" from @radix-ui/[email protected] npm ERR! node_modules/@aws-amplify/ui-react/node_modules/@radix-ui/react-dropdown-menu npm ERR! @radix-ui/react-dropdown-menu@"0.1.6" from @aws-amplify/[email protected] npm ERR! node_modules/@aws-amplify/ui-react npm ERR! @aws-amplify/ui-react@"^3.4.1" from the root project npm ERR! 3 more (@radix-ui/react-menu, @radix-ui/react-portal, @aws-amplify/ui-react-v1) npm ERR! npm ERR! Conflicting peer dependency: [email protected] npm ERR! node_modules/react npm ERR! peer react@"17.0.2" from [email protected] npm ERR! node_modules/react-dom npm ERR! peer react-dom@">= 16.8.0" from @aws-amplify/[email protected] npm ERR! node_modules/@aws-amplify/ui-react npm ERR! @aws-amplify/ui-react@"^3.4.1" from the root project npm ERR! peer react-dom@"^16.8 || ^17.0" from @radix-ui/[email protected] npm ERR! node_modules/@aws-amplify/ui-react/node_modules/@radix-ui/react-dropdown-menu npm ERR! @radix-ui/react-dropdown-menu@"0.1.6" from @aws-amplify/[email protected] npm ERR! node_modules/@aws-amplify/ui-react npm ERR! @aws-amplify/ui-react@"^3.4.1" from the root project npm ERR! 3 more (@radix-ui/react-menu, @radix-ui/react-portal, @aws-amplify/ui-react-v1) npm ERR! npm ERR! Fix the upstream dependency conflict, or retry npm ERR! this command with --force, or --legacy-peer-deps npm ERR! to accept an incorrect (and potentially broken) dependency resolution. npm ERR! npm ERR! See /.../.npm/eresolve-report.txt for a full report.npm ERR! A complete log of this run can be found in:
npm ERR! /.../.npm/_logs/2022-09-06T12_15_07_227Z-debug-0.log
install via npm ci --force of cause worked.
but it resulted in a state where even npm ls was unable to get the tree without errors.
but even though it errored out, npm ls --json -a -l still echoed usable JSON.
this means, that possibley a switch ala --ignore-npm-errors might be affective, that ignores npm-ls error status and still would cause to try parse the JSON.
from cyclonedx-node-npm.
alexthemark
commented on May 18, 2024
Yep -- that would be perfect. Obviously I wish that I didn't have unmet peer deps and npm ls errors, but I'm tied to a library tied to a library. And I'd rather have npm ls errors and an SBOM than npm ls errors and no SBOM.
from cyclonedx-node-npm.
alexthemark
commented on May 18, 2024
I'm happy to contribute that flag, or wait for a fix.
from cyclonedx-node-npm.
jkowalleck
commented on May 18, 2024
I am already on it :)
from cyclonedx-node-npm.
alexthemark
commented on May 18, 2024
Thank you!! My repository is now successfully building its sbom!
from cyclonedx-node-npm.
Related Issues (20)
- [TRACK] CycloneDX SBOM in `npm-cli`
- FEAT: render `metadata.lifecycles`
- FEAT: render property `cdx:reproducible`
- add info to SBOM results: which version of `npm-ls` was used in the process
- [BUG] In context of npm workspaces (monorepo), sbom generation for workspace does not work if workspace does not contain node_modules (even if empty) HOT 2
- Some `ref` fields have no meaning HOT 7
- Hello, I am a novice, for yarn or pnpm managed projects, can I also use cyclonedx-npm to generate sbom, how to use it HOT 1
- [BUG] hashes on wrong element
- [FEAT] support workspaces HOT 2
- [FEAT]: Add Silent or Quiet flag for CLI HOT 4
- more logs: skipped validation if requested
- Allow programmatic usage of SBOM builder
- Support pedigree HOT 1
- feat: set devDependencies `component.scope` to `excluded`
- feat: generate hashes for other than sha-512 HOT 8
- [BUG] When '--legacy-peer-deps' is used to install dependencies, and generate with '--ignore-npm-errors --omit peer' sbom cannot be generated. HOT 5
- [Question] BOM creation blocked due to `npm ls` invalid package error - dependency conflict HOT 7
- support CDX 1.5
- Sbom file is not fully generated via CICD Pipelines HOT 1
- support NPM 10 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cyclonedx-node-npm.