unable to scan npm projects when peer dependencies isnt resolved.

[whatthes]

when i run npm install followed by an xray scan, xray runs "npm ls --json --all --package-lock-only --prod", which churns out peer dependecies error and produces no xray results.

Is there a way to subvert this?

[EstebanDugueperoux2]

Hi,

I have same issue, invoking "npm ls" with "--silent" args avoid stderr output.
I think a pull request on https://github.com/jfrog/jfrog-vscode-extension/blob/0ab056a851c7a96b103826459d47899240fb804d/src/main/utils/cmds/npm.ts#L14C9-L14C9 to add this "--silent" option will solve this issue.

Regards.

[Or-Geva]

@EstebanDugueperoux2 & @whatthes, jfrog-vscode-extension version 2.3.6 has been released and includes a fix for this issue.

[EstebanDugueperoux2]

Hi @Or-Geva,

I have tested with https://github.com/Armanidrisi/devblog example projet, after a npm install without peer dependencies errors, after a scan from the JFrog view I get following logs :

`[DEBUG - 09:46:44] Trying to read credentials from KeyStore...
[DEBUG - 09:46:45] Resolved JFrog platform URL:
[DEBUG - 09:46:45] Resolved Xray URL: https://registry.saas.cagip.group.gca/xray
[DEBUG - 09:46:45] Resolved Artifactory URL: https://registry.saas.cagip.group.gca/artifactory
[DEBUG - 09:46:50] Successfully connected to Xray version: 3.41.4
[DEBUG - 09:46:51] Artifactory connection success.
[INFO - 09:46:51] Refresh: loading data from cache
[DEBUG - 09:46:51] WorkSpace 'devblog' has no data in cache
[INFO - 09:51:53] Refresh: loading data from cache
[DEBUG - 09:51:53] WorkSpace 'devblog' has no data in cache
[INFO - 09:51:57] Checking for updates
[DEBUG - 09:51:57] You are not entitled to run Advanced Security scans
[INFO - 09:51:57] Refresh: starting workspace scans 🐸
[INFO - 09:51:57] Locating package descriptors in workspace "devblog".
[DEBUG - 09:51:58] package.json files to scan: [file:///c%3A/Users/ETPOX64/git/devblog/package.json]
[ERR - 09:52:00] Error: Command failed: npm ls --json --all
npm ERR! peer dep missing: @aws-sdk/credential-providers@^3.201.0, required by [email protected]
npm ERR! peer dep missing: @mongodb-js/zstd@^1.1.0, required by [email protected]
npm ERR! peer dep missing: kerberos@^2.0.1, required by [email protected]
npm ERR! peer dep missing: mongodb-client-encryption@>=2.3.0 <3, required by [email protected]
npm ERR! peer dep missing: snappy@^7.2.2, required by [email protected]
npm ERR! peer dep missing: ts-node@>=9.0.0, required by [email protected]

[DEBUG - 09:52:00] Error: Command failed: npm ls --json --all
npm ERR! peer dep missing: @aws-sdk/credential-providers@^3.201.0, required by [email protected]
npm ERR! peer dep missing: @mongodb-js/zstd@^1.1.0, required by [email protected]
npm ERR! peer dep missing: kerberos@^2.0.1, required by [email protected]
npm ERR! peer dep missing: mongodb-client-encryption@>=2.3.0 <3, required by [email protected]
npm ERR! peer dep missing: snappy@^7.2.2, required by [email protected]
npm ERR! peer dep missing: ts-node@>=9.0.0, required by [email protected]

at checkExecSyncError (node:child_process:880:11)
at Object.execSync (node:child_process:951:15)
at Object.<anonymous> (node:electron/js2c/asar_bundle:2:12711)
at _.executeCmd (c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:631716)
at t.NpmCmd.runNpmLs (c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:595515)
at h.refreshDependencies (c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:505444)
at p.createDependenciesTrees (c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:613160)
at T.createDependenciesTree (c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:564181)
at T.scanPackageDependencies (c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:562584)
at T.repopulateWorkspaceTree (c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:546763)
at async c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:545219
at async c:\Users\ETPOX64\.vscode\extensions\jfrog.jfrog-vscode-extension-2.4.1\dist\extension.js:2:630360

[ERR - 09:52:00] An npm project was partially scanned. Hint: Ensure that there are no errors from the command 'npm ls --all' in the directory 'c:\Users\ETPOX64\git\devblog''
[WARN - 09:52:00] Eos runner could not find binary to run
[INFO - 09:52:00] Found 0 Eos issues in workspace = 'c:\Users\ETPOX64\git\devblog' (elapsed 0.013 seconds)
[INFO - 09:52:00] Scanning descriptor c:\Users\ETPOX64\git\devblog\package.json for dependencies issues
[DEBUG - 09:52:00] Sending dependency graph "devblog-nodejs" to Xray for analyzing. Using Watches: [cats-p0100-maven-staging-intranet]
[DEBUG - 09:52:03] Usage Report: Usage report sent successfully.
[DEBUG - 09:52:06] [c:\Users\ETPOX64\git\devblog\package.json] reported change in progress 0% -> 82%
[INFO - 09:52:14] Found 2 unique CVE issues for descriptor c:\Users\ETPOX64\git\devblog\package.json (elapsed 14.066 seconds)
[INFO - 09:52:14] Workspace 'devblog' scan ended
[INFO - 09:52:14] Scans completed 🐸 (elapsed 16.437 seconds)
[DEBUG - 09:52:50] Creating diagnostics for descriptor 'c:\Users\ETPOX64\git\devblog\package.json'`

Regards.

[Or-Geva]

Hey @EstebanDugueperoux2, which npm version are you currently using? Were you able to see partial results or is it still showing none, as it did before?