Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
KeyNotFoundException when using pgscan
-
Hi,
We started using Proget and pgscan for our frontend code but get a KeyNotFoundException exception in pgscan\Inedo.DependencyScan\NpmDependencyScanner.cs line 81
string version = npmDependencyPackage.Value.GetProperty("version").GetString();This is the bit of json from the lock-file it fails on and as you can see there is no version attribute.
"node_modules/@vicrea-neuron/eslint-plugin": { "resolved": "packages/eslint-plugin", "link": true },With kind regards,
Valentijn
-
Hi @v-makkenze_6348 ,
This is the first time I've seen a
"link": truetype entry in a lock file.The docs for package-lock.json aren't very clear for what this signifies, aside from:
A flag to indicate that this is a symbolic link. If this is present, no other fields are specified, since the link target will also be included in the lockfile.
Not sure how a "link" entry like that gets added to a lock file, but I think we should just skip it then? Basically add code in that loop that does this?
if (npmDependencyPackage.Value.TryGetProperty("link", out var link) && link.GetBoolean() == true) continue;What do you think?
Cheers,
Dean
-
This was a package that came from a local workspace, skipping seems the right solution as you can never check these packages for vulnerabilities.
-
Hi @v-makkenze_6348,
This fix has been released in pgscan 1.5.7. Please let us know if you have any questions!
Thanks,
Rich
