Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Checksum error in jf audit-npm for angular build since jfrog cli 2.13.0 #1475

Closed
gregoryboue opened this issue Mar 14, 2022 · 4 comments
Closed

Checksum error in jf audit-npm for angular build since jfrog cli 2.13.0 #1475

gregoryboue opened this issue Mar 14, 2022 · 4 comments
Assignees
@yahavi
Labels
bug Something isn't working

Comments

@gregoryboue
Copy link

Describe the bug

Since 2.13.0 jfrog cli version, when i run jf npm install/ci, npm run build (ng build) and then jf audit-npm i have the following message in the audit-npm output :

[Error] couldn't calculate checksum for : 'xxxxxx'. Hint: Try to delete 'node_models' and/or 'package-lock.json'.
[Error] 5d43b74a81e5f00fc9f78205b6baa7d4a4c13d16126e98b60832f31a87f846e8 is not found in /root/.npm/_cacache/index-v5/5d/43/b74a81e5f00fc9f78205b6baa7d4a4c13d16126e98b60832f31a87f846e8

If i run an npm prune or jf npm ci after the npm run build, then I have no error, so it seems that the ng build change npm local cache and then it produces the error.

To Reproduce

{
  "name": "angular-hello-world",
  "version": "1.0.0",
  "license": "[MIT](http://choosealicense.com/licenses/mit/)",
  "scripts": {
    "ng": "ng",
    "start": "ng serve",
    "build": "ng build",
    "test": "ng test",
    "lint": "ng lint",
    "e2e": "ng e2e"
  },
  "private": true,
  "dependencies": {
    "[@angular/animations](https://npmjs.com/package/@angular/animations)": "[~13.2.0](https://npmjs.com/package/@angular/animations)",
    "[@angular/common](https://npmjs.com/package/@angular/common)": "[~13.2.0](https://npmjs.com/package/@angular/common)",
    "[@angular/compiler](https://npmjs.com/package/@angular/compiler)": "[~13.2.0](https://npmjs.com/package/@angular/compiler)",
    "[@angular/core](https://npmjs.com/package/@angular/core)": "[~13.2.0](https://npmjs.com/package/@angular/core)",
    "[@angular/forms](https://npmjs.com/package/@angular/forms)": "[~13.2.0](https://npmjs.com/package/@angular/forms)",
    "[@angular/platform-browser](https://npmjs.com/package/@angular/platform-browser)": "[~13.2.0](https://npmjs.com/package/@angular/platform-browser)",
    "[@angular/platform-browser-dynamic](https://npmjs.com/package/@angular/platform-browser-dynamic)": "[~13.2.0](https://npmjs.com/package/@angular/platform-browser-dynamic)",
    "[@angular/router](https://npmjs.com/package/@angular/router)": "[~13.2.0](https://npmjs.com/package/@angular/router)",
    "[core-js](https://npmjs.com/package/core-js)": "[^2.6.2](https://npmjs.com/package/core-js)",
    "[rxjs](https://npmjs.com/package/rxjs)": "[~7.5.0](https://npmjs.com/package/rxjs)",
    "[tslib](https://npmjs.com/package/tslib)": "[^2.3.0](https://npmjs.com/package/tslib)",
    "[zone.js](https://npmjs.com/package/zone.js)": "[~0.11.4](https://npmjs.com/package/zone.js)"
  },
  "devDependencies": {
    "[@angular/cli](https://npmjs.com/package/@angular/cli)": "[~13.2.3](https://npmjs.com/package/@angular/cli)",
    "[@angular/compiler-cli](https://npmjs.com/package/@angular/compiler-cli)": "[~13.2.0](https://npmjs.com/package/@angular/compiler-cli)",
    "[@angular/language-service](https://npmjs.com/package/@angular/language-service)": "[~13.2.0](https://npmjs.com/package/@angular/language-service)",
    "[typescript](https://npmjs.com/package/typescript)": "[~4.5.2](https://npmjs.com/package/typescript)",
    "[@angular-devkit/build-angular](https://npmjs.com/package/@angular-devkit/build-angular)": "[~13.2.3](https://npmjs.com/package/@angular-devkit/build-angular)"
  }
}
  • Update the package-lock.json (or remove it)

-> Launch the following commands in the project with a jfrog cli configured to uses Artifactory platform (7.25.6) (with or without JFROG_CLI_BUILD_NAME and JFROG_CLI_BUILD_NUMBER env var) :
-> jf npm-config ....
-> jf npm-ci (or jf npm install)
-> npm run build (or jf npm run build)
-> jf scan-npm --watches...

Expected behavior

Have a local xray scan with no error.

It's ok with JFROG cli 2.11.1 and 2.12.1 and KO with JFROG cli 2.13.0, the causes seems to be this part of 2.13.0 releases notes : Bug fix - Build-info should not be created for 'jf npm install '

Versions

  • JFrog CLI version: 2.12.0, 2.12.1, 2.13.0
  • JFrog CLI operating system: Linux (Docker: node:gallium with npm 8.3.1)
  • Artifactory Version: 7.25.6
  • Xray Version : 3.32.2

Workarounds

  • Do scan just after jf npm-ci
  • Do a jf npm-ci/install or an npm prune after npm run build
@gregoryboue gregoryboue added the bug Something isn't working label Mar 14, 2022
@gregoryboue
Copy link
Author

Seems related to #1473

@yahavi yahavi mentioned this issue Mar 20, 2022
Merged
4 tasks
@yahavi
Copy link
Member

yahavi commented Mar 20, 2022

@gregoryboue,
Thanks for reporting this issue!
We created jfrog/jfrog-cli-core#358 & jfrog/build-info-go#71 to fix it.

We'll keep you updated.

@yahavi yahavi self-assigned this Mar 20, 2022
@yahavi
Copy link
Member

yahavi commented Mar 27, 2022

@gregoryboue,
JFrog CLI 2.14.1 and 2.14.2 include a fix for this issue.
Feel free to upgrade. We'd appreciate your feedback on that.

@gregoryboue
Copy link
Author

Hi, it's ok for me with the mensioned versions

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yahavi yahavi

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yahavi @gregoryboue