npmnpm-auditnpm-config

NPM throws error on "audit fix" - Configured registry is not supported


Since last night i'm getting the following error:

npm ERR! code ENOAUDIT
npm ERR! audit Your configured registry (https://registry.npmjs.org/) does not support audit requests.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/ransinha/.npm/_logs/2018-11-28T18_19_35_432Z-debug.log

I have not made any recent changes. https://github.com/verdaccio/verdaccio/issues/689 suggests changeing in config.yaml file. I don't see any config.yaml file in my folder. I'm not using verdaccio also. Not sure how to fix this. Any ideas?

Update: The npm audit shows the following:

                   === npm audit security report ===                        

┌───────────────────────────────────────────────────────────────────────── │ Manual Review │ │ Some vulnerabilities require your attention to resolve
│ Visit https://go.npm.me/audit-guide for additional guidance │ └───────────────────────────────────────────────────────────────────────── ┌───────────────┬───────────────────────────────────────────────────────── │ Critical │ Malicious Package │ ├───────────────┼───────────────────────────────────────────────────────── │ Package │ flatmap-stream │ ├───────────────┼───────────────────────────────────────────────────────── │ Patched in │ No patch available │ ├───────────────┼───────────────────────────────────────────────────────── │ Dependency of │ nodemon [dev] │ ├───────────────┼───────────────────────────────────────────────────────── │ Path │ nodemon > pstree.remy > ps-tree > event-stream > │ │ │ flatmap-stream │ ├───────────────┼───────────────────────────────────────────────────────── │ More info │ https://nodesecurity.io/advisories/737


Solution

  • Based the more info link, you are advised to use event-stream@3.3.4

    To do this:

    1, Delete the node_modules folder of flatmap-stream

    2, Edit package-lock.json file, i think under ps_tree object and add/edit the dependencies as shown below:

    "requires": {
        "event-stream": "~3.3.0"
    },
    "dependencies": {
        "event-stream": {
            "version": "3.3.4"
        }
    }
    

    Run npm install again, this should fix it