RubyGems - rubion - Versions diffs - 0.3.18 → 0.3.19 - Mend

rubion 0.3.18 → 0.3.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 25866a240d194626328073cc8f0e78b970dd1e8389563f8a2a636a23ccc545e3
-  data.tar.gz: bc7061c95fe6a24fd7cc464bf3671f26bc9d1a53eb248512d7b15c1c67efdbf6
+  metadata.gz: c02b3b976c548af77be89141a6abb06ee9ee8431606512361fce0375bae02f91
+  data.tar.gz: 77032534958a027081fdf213339eb43456cb5891b009ffe6a9200b39f851d7bd
 SHA512:
-  metadata.gz: aa33bfe89c56497e77cb63b9e518fe4f57673c53440971ee50b3ebe56f82f83ea39af26e74b5bd3e38036ef85270be2a778b900afce56027234e50c80acb7603
-  data.tar.gz: 536c26c682881e1516baeeb9833214fb3a761fa0c65df777961d434da28a4e4ba5a39c6e6013251e3b27a6baca3ba9b424e7465282832ed298d061564c859959
+  metadata.gz: a02452fc1e9bf2587eedee8146c3fa4d4427434ed2dd7cc9d78fbfb94646179ea466b9de047d02502d92f410f21a944e6e8da3b18cff44b23d775112992fe407
+  data.tar.gz: b04981ce97169f9b8727beea93beb88b9f78bf1d8dc5075317355645f67ba7d47f87c0107f4da6ad1d1ca7dcf5a4f8dbd164de3095d7996f1d2668dd1d2900e8

data/lib/rubion/scanner.rb CHANGED Viewed

@@ -172,6 +172,30 @@ module Rubion
           parse_npm_audit_output(data)
         end
       rescue JSON::ParserError => e
+        # npm audit can emit human-readable errors plus a JSON error object when there is
+        # no lockfile (ENOLOCK) or similar issues. Because we redirect stderr to stdout
+        # (2>&1), the mixed output may not be valid JSON.
+        if @package_manager == 'npm'
+          json_start = stdout.index('{')
+          json_end = stdout.rindex('}')
+          if json_start && json_end && json_end > json_start
+            json_str = stdout[json_start..json_end]
+            begin
+              error_data = JSON.parse(json_str)
+              if error_data.is_a?(Hash) && error_data.dig('error', 'code') == 'ENOLOCK'
+                puts "\n  ℹ️  npm audit requires a package-lock.json. Skipping npm vulnerability check.\n"
+                @result.package_vulnerabilities = []
+                return
+              end
+            rescue JSON::ParserError
+              # Fall through to the generic error below
+            end
+          end
+        end
         raise "Failed to parse #{@package_manager} audit JSON output: #{e.message}. Raw output: #{stdout}"
       end
     end

data/lib/rubion/version.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Rubion
-  VERSION = "0.3.18"
+  VERSION = "0.3.19"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubion
 version: !ruby/object:Gem::Version
-  version: 0.3.18
+  version: 0.3.19
 platform: ruby
 authors:
 - bipashant