From a12d1a0113979ff69143c677220ea2fe264afe85 Mon Sep 17 00:00:00 2001 From: Tim Tong Date: Tue, 23 Aug 2022 15:44:20 -0700 Subject: [PATCH] fix: audit should throw a meaningful error message when no audit endpoint was found (#5246) close #5200 --- .changeset/gentle-kangaroos-agree.md | 5 +++++ .changeset/tough-eyes-study.md | 8 ++++++++ packages/audit/src/index.ts | 18 ++++++++++++++++++ packages/plugin-commands-audit/src/audit.ts | 2 ++ packages/plugin-commands-audit/test/index.ts | 18 ++++++++++++++++++ 5 files changed, 51 insertions(+) create mode 100644 .changeset/gentle-kangaroos-agree.md create mode 100644 .changeset/tough-eyes-study.md diff --git a/.changeset/gentle-kangaroos-agree.md b/.changeset/gentle-kangaroos-agree.md new file mode 100644 index 00000000000..791b3131035 --- /dev/null +++ b/.changeset/gentle-kangaroos-agree.md @@ -0,0 +1,5 @@ +--- +"pnpm": patch +--- + +Fail with a meaningful error when the audit endpoint doesn't exist [#5200](https://github.com/pnpm/pnpm/issues/5200). diff --git a/.changeset/tough-eyes-study.md b/.changeset/tough-eyes-study.md new file mode 100644 index 00000000000..3899669c90f --- /dev/null +++ b/.changeset/tough-eyes-study.md @@ -0,0 +1,8 @@ +--- +"@pnpm/audit": patch +"@pnpm/plugin-commands-audit": patch +--- + +- Add new Error type: AuditEndpointNotExistsError +- On AuditUrl returns 404, AuditEndpointNotExistsError will throw +- When audit handler catches AuditEndpointNotExistsError, the command will return to avoid execute further codes diff --git a/packages/audit/src/index.ts b/packages/audit/src/index.ts index bc32ed70869..603e2cb857c 100644 --- a/packages/audit/src/index.ts +++ b/packages/audit/src/index.ts @@ -35,6 +35,11 @@ export default async function audit ( retry: opts.retry, timeout: opts.timeout, }) + + if (res.status === 404) { + throw new AuditEndpointNotExistsError(auditUrl) + } + if (res.status !== 200) { throw new PnpmError('AUDIT_BAD_RESPONSE', `The audit endpoint (at ${auditUrl}) responded with ${res.status}: ${await res.text()}`) } @@ -53,3 +58,16 @@ function getAuthHeaders ( } return headers } + +export class AuditEndpointNotExistsError extends PnpmError { + constructor (endpoint: string) { + const message = `The audit endpoint (at ${endpoint}) is doesn't exist.` + super( + 'AUDIT_ENDPOINT_NOT_EXISTS', + message, + { + hint: 'This issue is probably because you are using a private npm registry and that endpoint doesn\'t have an implementation of audit.', + } + ) + } +} diff --git a/packages/plugin-commands-audit/src/audit.ts b/packages/plugin-commands-audit/src/audit.ts index 2edceaf9824..48729957bc0 100644 --- a/packages/plugin-commands-audit/src/audit.ts +++ b/packages/plugin-commands-audit/src/audit.ts @@ -171,6 +171,8 @@ export async function handler ( output: err.message, } } + + throw err } if (opts.fix) { const newOverrides = await fix(opts.dir, auditReport) diff --git a/packages/plugin-commands-audit/test/index.ts b/packages/plugin-commands-audit/test/index.ts index 1b426410084..6e27ed1c4e6 100644 --- a/packages/plugin-commands-audit/test/index.ts +++ b/packages/plugin-commands-audit/test/index.ts @@ -1,5 +1,6 @@ import path from 'path' import { audit } from '@pnpm/plugin-commands-audit' +import { AuditEndpointNotExistsError } from '@pnpm/audit' import nock from 'nock' import stripAnsi from 'strip-ansi' import * as responses from './utils/responses' @@ -154,3 +155,20 @@ test('audit sends authToken if alwaysAuth is true', async () => { expect(stripAnsi(output)).toBe('No known vulnerabilities found\n') expect(exitCode).toBe(0) }) + +test('audit endpoint does not exist', async () => { + nock(registries.default) + .post('/-/npm/v1/security/audits') + .reply(404, {}) + + await expect(audit.handler({ + dir: path.join(__dirname, 'fixtures/has-vulnerabilities'), + dev: true, + fetchRetries: 0, + ignoreRegistryErrors: false, + production: false, + userConfig: {}, + rawConfig, + registries, + })).rejects.toThrow(AuditEndpointNotExistsError) +})