XRAY: Why does Npm audit return a 400 error code?

Elina Floim
2022-05-04 08:56

Due to a breaking change in the npm registry, Xray fails to perform the npm audit command. When the command is issued, the npm client returns an error similar to this:

Failed to fetch audit report for repo $repo_name. status: 400 cause: {"error":"Failed to read request"}

In the Xray logs, the following error is logged:

[jfxr ] [ERROR] [9caf27aft49e63db] [npm_audit_handler:40     ] [main        ] Failed to read request, err: json: cannot unmarshal array into Go struct field Advisories.optional_report_to_enhance.advisories.cwe of type string

This behavior affects Xray versions lower than 3.44.2. A fix was implemented in Xray versions 3.43.4 and greater; therefore, Xray should be upgraded to a version containing the fix in order to mitigate the issue. If an upgrade is not feasible straight away, the following property can be added to the $JFROG_HOME/artifactory/etc/artifactory.system.properties file on the Artifactory machine as a temporary workaround:

artifactory.npm.minimal.xray.audit.support=9.9.9

This property disables the feature until an upgrade is performed. In an HA setup, the property must be added on every node. A restart is required for the change to take effect.
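The logged error is Go's encoding/json refusing to place a JSON array into a struct field declared as a string: the registry started returning the advisory's "cwe" value as an array where the decoder expected a single string. The following Go program is an added illustration and is not Xray's or JFrog's code; the struct and field names are constructed for the example, and the two sample payloads are invented to show the old and new shapes of that one field. It reproduces the failure with a strict struct and shows the usual defensive fix, a custom UnmarshalJSON that accepts either shape, which is how a consumer of an external API can stay resilient to this kind of schema change.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// CWEList accepts either a single JSON string ("CWE-79") or an array of
// strings (["CWE-79", "CWE-80"]) for the same field, so a registry-side
// change from one shape to the other does not break decoding.
type CWEList []string

// UnmarshalJSON tries the array form first and falls back to a lone string.
func (c *CWEList) UnmarshalJSON(b []byte) error {
	var many []string
	if err := json.Unmarshal(b, &many); err == nil {
		*c = many
		return nil
	}
	var one string
	if err := json.Unmarshal(b, &one); err != nil {
		return fmt.Errorf("cwe: expected string or array of strings, got %s", b)
	}
	*c = CWEList{one}
	return nil
}

// strictAdvisory mirrors a decoder that assumes "cwe" is always a string
// (hypothetical struct, named for the example only).
type strictAdvisory struct {
	ID  int    `json:"id"`
	CWE string `json:"cwe"`
}

// tolerantAdvisory uses CWEList and survives both shapes.
type tolerantAdvisory struct {
	ID  int     `json:"id"`
	CWE CWEList `json:"cwe"`
}

// Constructed sample payloads: the field set is illustrative, not the
// registry's exact advisory schema.
const oldShape = `{"id": 1001, "cwe": "CWE-79"}`
const newShape = `{"id": 1001, "cwe": ["CWE-79", "CWE-80"]}`

// decodeStrict returns the json error a string-typed field produces when the
// registry sends an array (the same class of error as in the Xray log).
func decodeStrict(payload string) error {
	var a strictAdvisory
	return json.Unmarshal([]byte(payload), &a)
}

// decodeTolerant returns the CWE identifiers regardless of which shape arrived.
func decodeTolerant(payload string) ([]string, error) {
	var a tolerantAdvisory
	if err := json.Unmarshal([]byte(payload), &a); err != nil {
		return nil, err
	}
	return a.CWE, nil
}

func main() {
	for _, p := range []string{oldShape, newShape} {
		if err := decodeStrict(p); err != nil {
			fmt.Println("strict decoder:", err)
		} else {
			fmt.Println("strict decoder: ok")
		}
		cwes, err := decodeTolerant(p)
		fmt.Println("tolerant decoder:", cwes, err)
	}
}
```

The custom unmarshaller is the code-side counterpart of the upgrade the article recommends; the artifactory.system.properties workaround only switches the audit enhancement off, it does not make the decoder tolerant.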