The npm registry now supports npm audit

Summary

$ npm audit is not currently supported by the GitLab npm registry.

The audit request causes a parsing error in the backend. See https://sentry.gitlab.net/gitlab/gitlabcom/issues/1636563 (internal)

Note that $ npm audit also runs implicitly as part of $ npm install, so the error is triggered by a plain install as well; see https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities#turning-off-npm-audit-on-package-installation

This does not surface as an error on the user side: the backend failure is swallowed and the client simply reports 0 vulnerabilities, so a user gets no signal that the audit never actually ran:

```
$ npm audit

                       === npm audit security report ===

found 0 vulnerabilities
 in 1 scanned package
```

Steps to reproduce

  • Create an npm package in the GitLab npm package registry
  • Reference it as a dependency in a second npm project
  • Run $ npm install in that second project
  • Optionally run $ npm audit

Example Project

https://gitlab.com/10io/npm_audit_bug

What is the expected correct behavior?

  • The backend should accept the audit request instead of failing to parse it.

Output of checks

This bug happens on GitLab.com

Possible fixes

  • The backend should reply with an empty array, i.e. a valid audit response that reports no vulnerabilities (weight 1)

or

  • The backend should reply with the actual vulnerabilities for the audited dependencies (more complex to implement; needs a small investigation)
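As an added illustration of the first proposed fix (example code written for this issue, not GitLab's backend code): a constructed sample of the dependency tree that npm 6 POSTs to the registry audit endpoint, and a helper that builds the "no advisories" report the client renders as "found 0 vulnerabilities in N scanned packages". The request and response field names are assumed to follow the npm 6 audit report shape; the sample package names are made up.

```ruby
require 'json'

# Constructed sample of what `npm audit` (npm 6) POSTs to
# /-/npm/v1/security/audits: the lock-file dependency tree. Only the
# fields used below are included; this is an assumption about the shape.
SAMPLE_AUDIT_REQUEST = <<~JSON
  {
    "name": "consumer-app",
    "version": "1.0.0",
    "requires": { "@group/my-package": "^1.0.0" },
    "dependencies": {
      "@group/my-package": {
        "version": "1.0.0",
        "requires": { "left-pad": "^1.3.0" },
        "dependencies": { "left-pad": { "version": "1.3.0" } }
      }
    }
  }
JSON

# Reject bodies the backend cannot parse up front, instead of raising
# deep inside the request handler (the failure this issue reports).
def valid_audit_request?(body)
  tree = JSON.parse(body)
  tree.is_a?(Hash) && tree.fetch('dependencies', {}).is_a?(Hash)
rescue JSON::ParserError
  false
end

# Walk the nested "dependencies" tree and count every installed package,
# so the "scanned packages" figure shown to the user is honest.
def count_dependencies(tree)
  tree.fetch('dependencies', {}).values.sum { |dep| 1 + count_dependencies(dep) }
end

# Build the empty report for fix option 1: every advisory list is empty
# and every severity counter is zero. Field names follow the npm 6
# audit report format as far as known here (assumption).
def empty_audit_report(body)
  total = count_dependencies(JSON.parse(body))
  {
    'actions' => [], 'advisories' => {}, 'muted' => [],
    'metadata' => {
      'vulnerabilities' => { 'info' => 0, 'low' => 0, 'moderate' => 0,
                             'high' => 0, 'critical' => 0 },
      'dependencies' => total, 'devDependencies' => 0,
      'optionalDependencies' => 0, 'totalDependencies' => total
    }
  }
end
```

A backend wired this way validates the body, answers with a well-formed empty report, and leaves the silent "0 vulnerabilities" the client prints as a true statement rather than a masked parse error.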