When an npm audit report is requested through Artifactory, Xray provides an enhanced version of the report. This request can fail: the socket connection between Artifactory and Xray may time out and be closed, which results in a 500 error, as seen in the error snippet below.
2023-01-09T16:05:19.521Z [jfrt ] [ERROR] [abcda42cfe336008] [c.a.XrayNpmAuditHandlerImpl:53] [-nio-12000-exec-5595] - Failed to retrieve npm audit from Xray : Read timed out
2023-01-09T16:05:19.521Z [jfrt ] [ERROR] [abcda42cfe336008] [o.a.a.n.r.a.NpmAuditFetcher:60] [-nio-12000-exec-5595] - Failed to retrieve npm audit report from Xray
2023-01-09T16:05:19.522Z [jfrt ] [ERROR] [abcda42cfe336008] [.a.a.n.r.a.NpmAuditHandler:182] [-nio-12000-exec-5595] - Managed to fetch quick npm audit report from https://registry.npmjs.org but not from Xray - status: 500 error: Failed to retrieve npm audit report from Xray
2023-01-09T16:05:19.522Z [jfrt ] [ERROR] [abcda42cfe336008] [o.a.a.n.r.NpmRequestHelper:194] [-nio-12000-exec-5595] - Failed to fetch audit report for repo npm-demo. status: 500 cause: Failed to retrieve npm audit report from Xray
Because npm audit is a heavy operation, the connection between Artifactory and Xray may be closed before a response is received. By default, the socket timeout between Artifactory and Xray is 25 seconds. The affected requests appear in artifactory-request.log as 500 responses with a duration of more than 25,000 ms (25206 in the entry below).
2023-01-09T22:03:35.333Z|abcda0148a1aa7c0|111.15.96.87|test-user1|POST|/api/npm/npm-demo/-/npm/v1/security/audits/quick|500|65724|0|25206|npm/6.11.3 node/v8.15.1 linux x64
To address this issue, we can tune the property "artifactory.xray.client.normal.socket.timeout.millis" in the artifactory.system.properties file (located in the $JFROG_HOME/artifactory/var/etc/artifactory directory) and increase the timeout to 50,000 ms. This modification can be made on our end and must be followed by a restart of the Artifactory server to take effect.
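To confirm that failed audits match the timeout signature described above before changing the property, the request log can be filtered for npm audit calls that returned 500 at or beyond the socket timeout. This is an added example, not JFrog code; the field positions are an assumption inferred from the sample request-log entry on this page, and all sample lines except the first are constructed.

```python
import sys
from typing import Iterable, List, NamedTuple

AUDIT_PATH = "/-/npm/v1/security/audits"  # path fragment taken from the sample entry
DEFAULT_TIMEOUT_MS = 25_000               # default Artifactory-to-Xray socket timeout


class TimedOutAudit(NamedTuple):
    timestamp: str
    user: str
    path: str
    duration_ms: int


def find_timed_out_audits(lines: Iterable[str],
                          timeout_ms: int = DEFAULT_TIMEOUT_MS) -> List[TimedOutAudit]:
    """Return npm audit requests that ended in a 500 at or beyond the timeout."""
    hits = []
    for raw in lines:
        # Assumed layout, inferred from the sample entry:
        # ts|trace|ip|user|method|path|status|req_len|resp_len|duration_ms|agent
        fields = raw.rstrip("\n").split("|", 10)
        if len(fields) < 10:
            continue  # malformed or truncated line
        ts, user, method, path, status, duration = (
            fields[0], fields[3], fields[4], fields[5], fields[6], fields[9])
        if method != "POST" or AUDIT_PATH not in path or status != "500":
            continue
        # A 500 well below the timeout has another cause; skip it.
        if duration.isdigit() and int(duration) >= timeout_ms:
            hits.append(TimedOutAudit(ts, user, path, int(duration)))
    return hits


# Sample input: the first line is the entry from this page, the rest are constructed.
SAMPLE_LOG = [
    "2023-01-09T22:03:35.333Z|abcda0148a1aa7c0|111.15.96.87|test-user1|POST|/api/npm/npm-demo/-/npm/v1/security/audits/quick|500|65724|0|25206|npm/6.11.3 node/v8.15.1 linux x64",
    "2023-01-09T22:05:10.101Z|0000000000000001|192.0.2.10|test-user2|POST|/api/npm/npm-demo/-/npm/v1/security/audits/quick|200|4120|812|3120|npm/6.11.3 node/v8.15.1 linux x64",
    "2023-01-09T22:06:44.870Z|0000000000000002|192.0.2.10|test-user2|POST|/api/npm/npm-demo/-/npm/v1/security/audits/quick|500|4120|0|140|npm/6.11.3 node/v8.15.1 linux x64",
    "2023-01-09T22:07:02.415Z|0000000000000003|192.0.2.11|test-user3|GET|/api/npm/npm-demo/lodash|200|0|90211|31007|npm/6.11.3 node/v8.15.1 linux x64",
    "truncated line without enough fields",
]

if __name__ == "__main__":
    source = open(sys.argv[1], encoding="utf-8", errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    for hit in find_timed_out_audits(source):
        print(f"{hit.timestamp} {hit.user} {hit.path} {hit.duration_ms} ms")
```

Run it with the path to artifactory-request.log as the first argument; after the timeout has been raised, pass the new value as `timeout_ms` to see whether audits still reach the limit.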
For further information on npm audit and JFrog Xray, please refer to this blog: "Protect Your Code with npm audit & JFrog Xray."