Dependency Scanning Fails: "engine 'node' is incompatible with this module"
Summary
Our Node.js project was successfully using Dependency Scanning for a while. It began to fail once we added a yarn.lock file. The project requires Node.js engine 10.16.0 LTS. However, when the dependency scanning job kicks off, it loads the retire.js scanner, which then fails, possibly because it loads Node.js 11.15.0 and some of the modules are incompatible with that version. Following is the error message, where "abc-node@0.0.1" is one of the packages our build requires:

    Installing dependencies…yarn install v1.16.0
    >>>[1/5] Validating package.json…
    error abc-node@0.0.1: The engine “node” is incompatible with this module. Expected version “>=10.0.0 <11.0.0”. Got “11.15.0”
    error Found incompatible module.
Steps to reproduce
- In a GitLab project that contains Node.js code, configure the Dependency Scanning job. Verify that it works.
- The Node.js project should be using the LTS engine, currently 10.16.0. Add the following section to the project's package.json file:

      "engines": {
        "node": ">=10.0.0 <11.0.0"
      },
- Make sure the project pulls a package version that is incompatible
- Implement yarn.lock
Example Project
N/A - this is an internal project
What is the current bug behavior?
Dependency Scanning job fails presumably because it's installing dependencies with a newer version of Node engine that is not compatible with all of our packages.
What is the expected correct behavior?
Dependency scanning should work with yarn.lock files and adhere to the required node engine version.
Relevant logs and/or screenshots
    Installing dependencies…yarn install v1.16.0
    >>>[1/5] Validating package.json…
    error abc-node@0.0.1: The engine “node” is incompatible with this module. Expected version “>=10.0.0 <11.0.0”. Got “11.15.0”
    error Found incompatible module.
Possible fixes
(If you can, link to the line of code that might be responsible for the problem)
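
The following is an added example, not part of the original report and not GitLab's or yarn's own code: a pre-flight check that compares a Node.js version against the `engines.node` range from package.json, so a scanning job can report the mismatch explicitly instead of failing during install. The function names and the sample package object are assumptions, and the range parser is a simplified subset of semver that covers the constraint form shown in this report.

```javascript
// Simplified engines check: handles only space-separated comparators with
// full x.y.z versions (e.g. ">=10.0.0 <11.0.0"), not the whole semver grammar.
const parse = (v) => {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
};

// Three-way comparison of [major, minor, patch] triples
const compare = (a, b) => {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
};

const operators = {
  '>=': (c) => c >= 0, '<=': (c) => c <= 0,
  '>': (c) => c > 0, '<': (c) => c < 0, '=': (c) => c === 0,
};

// True only if the version meets every comparator in the range (logical AND)
function satisfies(version, range) {
  const v = parse(version);
  return range.trim().split(/\s+/).every((comp) => {
    const m = /^(>=|<=|>|<|=)?(.+)$/.exec(comp);
    return operators[m[1] || '='](compare(v, parse(m[2])));
  });
}

// Returns a result object so a CI step can fail fast with a clear message
function checkEngine(pkg, nodeVersion) {
  const range = pkg.engines && pkg.engines.node;
  if (!range) return { ok: true, reason: 'no engines.node constraint' };
  const ok = satisfies(nodeVersion, range);
  const verdict = ok ? 'satisfies' : 'violates';
  return { ok, reason: `node ${nodeVersion} ${verdict} "${range}"` };
}

// Constructed package.json content using the constraint from this report
const samplePkg = {
  name: 'abc-node',
  version: '0.0.1',
  engines: { node: '>=10.0.0 <11.0.0' },
};
console.log(checkEngine(samplePkg, '11.15.0')); // version the scanner ran
console.log(checkEngine(samplePkg, '10.16.0')); // version the project targets
```

In a real job, pass the parsed package.json and `process.version` to `checkEngine` and exit non-zero when `ok` is false, so a skipped scan is visible rather than silent.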