As I wrote previously, NPM got a great tool for checking security of the dependencies – npm audit.
However, if running npm audit and using private package registry (Proget, Artifactory, etc), it may fail with “npm ERR! 400 Bad Request – POST” when trying to send audit details collected about your dependencies for checking to https://<YOUR FEED URI>/-/npm/v1/security/audits – the assumed security audit endpoint of the private registry. Most likely, your registry doesn’t replicate official npm security API.
To fix the issue, simply add the public registry endpoint to your npm audit command line:
npm audit --registry="https://registry.npmjs.org/"
It works great on command line. Thanks.
My problem is that : i want to add it to script to enable every developer using it without add the public entry point.
To do this i simply add a script line in my package.json as following:
“audit”: “npm audit –registry=https://registry.npmjs.org”
However “npm run audit” not only outputs the security analysis result (same as run it from common line), but also appended one error message as following:
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! myFrontEnd@1.0.0 audit: `npm audit –registry=https://registry.npmjs.org`
npm ERR! Exit status 1
npm ERR! Failed at the myFrontEnd@1.0.0 audit script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\…\Roaming\npm-cache\_logs\2019-01-14T02_50_05_437Z-debug.log