Describe the bug
When scanning an Angular application, the dependency checker application throws an error when it comes across package-lock files.
Version of dependency-check used
6.5.3
Log file
[INFO] Finished NVD CVE Analyzer (0 seconds)
[ERROR] NodeAuditAnalyzer failed on C:\a\1\s\NextGen\UserDriven\Website\SPA\package-lock.json
[WARN] An error occurred while analyzing 'C:\a\1\s\NextGen\UserDriven\Website\SPA\package-lock.json' (Node Audit Analyzer).
[INFO] Finished Node Audit Analyzer (0 seconds)
00:00 INFO: Vulnerability found: jquery below 1.12.0
00:00 INFO: Vulnerability found: jquery below 1.12.0
00:00 INFO: Vulnerability found: jquery below 3.4.0
00:00 INFO: Vulnerability found: jquery below 3.5.0
00:00 INFO: Vulnerability found: jquery below 3.5.0
00:00 INFO: Vulnerability found: jquery below 1.12.0
00:00 INFO: Vulnerability found: jquery below 1.12.0
00:00 INFO: Vulnerability found: jquery below 3.4.0
00:00 INFO: Vulnerability found: jquery below 3.5.0
00:00 INFO: Vulnerability found: jquery below 3.5.0
00:00 INFO: Vulnerability found: jquery below 1.12.0
00:00 INFO: Vulnerability found: jquery below 1.12.0
00:00 INFO: Vulnerability found: jquery below 3.4.0
00:00 INFO: Vulnerability found: jquery below 3.5.0
00:00 INFO: Vulnerability found: jquery below 3.5.0
[INFO] Finished RetireJS Analyzer (1 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (4 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (24 seconds)
[INFO] Writing report to: C:\a\1\TestResults\dependency-check\dependency-check-report.xml
[INFO] Writing report to: C:\a\1\TestResults\dependency-check\dependency-check-report.html
[INFO] Writing report to: C:\a\1\TestResults\dependency-check\dependency-check-junit.xml
[ERROR] Could not perform Node Audit analysis. Invalid payload submitted to Node Audit API.
Dependency Check completed with exit code 4294967282.
Dependency Check reports:
[ 'C:\a\1\TestResults\dependency-check\dependency-check-junit.xml',
'C:\a\1\TestResults\dependency-check\dependency-check-report.html',
'C:\a\1\TestResults\dependency-check\dependency-check-report.xml' ]
Dependency Check failed with message "Dependency Check exited with an error code (exit code: 4294967282)."
##[error]Dependency Check exited with an error code (exit code: 4294967282).
Ending Dependency Check...
To Reproduce
Appears only when the package-lock.json file is part of the repository. If we remove the file, the scan happens as expected and no errors are thrown.
Expected behavior
Scan should be conducted as it would with any other package.json file.
Additional context
We're running this from an OWASP plugin directly connected to AzureDevOps via a pipeline. There are no unique configurations for the environment that we were testing with, just a generic configuration for testing the plugin to provide a POC to our development team when scanning for code dependency files.
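To triage a report like this one, the first two questions are which analyzer failed on which file, and what the pipeline's exit code actually is (Windows prints a negative process status as an unsigned 32-bit value, so 4294967282 is the wrapped form of -14; the issue does not say what that code means to dependency-check, and this example does not claim to). A third useful step is to see what a scanner would be reading out of the lock file, since the failure only appears when package-lock.json is present. The script below is an added example, not code from OWASP dependency-check or the Azure DevOps plugin: the log excerpt is copied from the issue, the two package-lock.json documents are constructed to show the lockfileVersion 1 layout (nested "dependencies") and the 2/3 layout ("packages" keyed by node_modules path), and all package versions in them are made up.

```python
"""Triage helpers for a dependency-check NodeAuditAnalyzer failure (added example)."""
import json
import re
from typing import Dict, List, Optional, Tuple

# Lines copied from the issue's log that matter for triage.
SAMPLE_LOG = """\
[INFO] Finished NVD CVE Analyzer (0 seconds)
[ERROR] NodeAuditAnalyzer failed on C:\\a\\1\\s\\NextGen\\UserDriven\\Website\\SPA\\package-lock.json
[WARN] An error occurred while analyzing 'C:\\a\\1\\s\\NextGen\\UserDriven\\Website\\SPA\\package-lock.json' (Node Audit Analyzer).
[INFO] Finished Node Audit Analyzer (0 seconds)
[ERROR] Could not perform Node Audit analysis. Invalid payload submitted to Node Audit API.
Dependency Check completed with exit code 4294967282.
"""

# Constructed lock files; versions are made up, not taken from the issue.
LOCK_V1 = {
    "lockfileVersion": 1,
    "dependencies": {
        "jquery": {"version": "1.11.3"},
        "rxjs": {"version": "6.6.7", "dependencies": {"tslib": {"version": "1.14.1"}}},
    },
}
LOCK_V2 = {
    "lockfileVersion": 2,
    "packages": {
        "": {"name": "spa", "version": "0.0.0"},
        "node_modules/jquery": {"version": "3.4.1"},
        "node_modules/@angular/core": {"version": "12.2.0"},
        "node_modules/rxjs/node_modules/tslib": {"version": "1.14.1"},
    },
}

ANALYZER_FAIL = re.compile(r"^\[ERROR\] (\w+) failed on (.+)$")
EXIT_CODE = re.compile(r"exit code[: ]+(\d+)")


def to_signed_32(code: int) -> int:
    """Fold an unsigned 32-bit exit status back to its signed value (4294967282 -> -14)."""
    code &= 0xFFFFFFFF
    return code - 0x100000000 if code & 0x80000000 else code


def triage_log(text: str) -> Dict[str, object]:
    """Collect (analyzer, file) pairs for hard failures and the signed exit code."""
    failures: List[Tuple[str, str]] = []
    exit_code: Optional[int] = None
    for line in text.splitlines():
        m = ANALYZER_FAIL.match(line)
        if m:
            failures.append((m.group(1), m.group(2)))
        m = EXIT_CODE.search(line)
        if m:
            exit_code = to_signed_32(int(m.group(1)))
    return {"failures": failures, "exit_code": exit_code}


def lockfile_dependencies(lock: dict) -> Dict[str, str]:
    """Map package name -> resolved version for both package-lock.json layouts."""
    found: Dict[str, str] = {}
    packages = lock.get("packages")
    if isinstance(packages, dict):  # lockfileVersion 2/3: flat map keyed by path
        for path, meta in packages.items():
            if not path:  # "" is the root project itself, not a dependency
                continue
            name = path.rsplit("node_modules/", 1)[-1]  # keeps scoped names, drops nesting
            if "version" in meta:
                found[name] = meta["version"]
        return found

    def walk(deps: dict) -> None:  # lockfileVersion 1: nested "dependencies" trees
        for name, meta in deps.items():
            if "version" in meta:
                found.setdefault(name, meta["version"])  # top-level copy wins on duplicates
            walk(meta.get("dependencies", {}))

    walk(lock.get("dependencies", {}))
    return found


if __name__ == "__main__":
    print(json.dumps(triage_log(SAMPLE_LOG), indent=2))
    for lock in (LOCK_V1, LOCK_V2):
        print(lock["lockfileVersion"], lockfile_dependencies(lock))
```

Run it as-is to see the triage summary for the issue's log; to inspect a real lock file, load it with `json.load` and pass the result to `lockfile_dependencies`. Comparing that output against the names in package.json is a quick way to confirm the lock file carries the same set of direct dependencies the scanner would otherwise read, which is the "expected behavior" the report asks for.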