[QUESTION] How should body option be formatted? #34

Open
markcellus opened this issue Sep 27, 2020 · 6 comments

@markcellus

Hey @isaacs. Trying to use package. But I'm not quite sure if I'm using it correctly 😀. When trying to pass the contents of package-lock.json to opts.body like this...

  const json = await npmFetch.json('/-/npm/v1/security/audits',  {
    method: 'POST',
    body: packageLockJsonContents, // this is just the contents of a package-lock.json parsed as an object
  });
  console.log(JSON.stringify(json, '', 3));

But I get the following error:

Failed to fetch audit report for repo npm. status: 400 cause: {"statusCode":400,"error":"Bad Request","message":"Invalid request payload input"}

How should the opts.body be formatted? Thanks!

@markcellus markcellus changed the title How should body option be formatted? [QUESTION] How should body option be formatted? Sep 27, 2020
@sosoba

sosoba commented Jan 5, 2021

What is typeof packageLockJsonContents?

@markcellus
Author

markcellus commented Jan 7, 2021

object. But I was assuming the package would automatically JSON.stringify with proper content-type.

@markcellus
Author

Sorry, didn't mean to close this.

@markcellus markcellus reopened this Jan 7, 2021
@illicit-oblivion

How come it is still not answered? How to use it? What should be the type of body option?

@sparrowt

sparrowt commented Oct 22, 2024

The code here in npm cli gives some clues as to the expected structure, which it then passes to /-/npm/v1/security/audits/quick (it only does this if calling the bulk API endpoint /-/npm/v1/security/advisories/bulk failed just before; that one accepts a different format which comes from prepareBulkData in the same file).

I can't find any source for this but I have a feeling that /-/npm/v1/security/audits accepts very similar (if not identical) structure to /-/npm/v1/security/audits/quick.

@sparrowt

sparrowt commented Oct 22, 2024

FWIW I had success with the following code snippet, which demonstrates the body internals that the 'audits' API expects and shows how to do a simple "are there any vulns/advisories?" lookup for 1 package, in this case cookie:

// Actually you can omit the line below now that `fetch` is a built-in global, enabled by default since Node 18.
// const fetch = require('node-fetch');

const body = {
    'name': 'package-which-depends-on-cookie-but-this-string-is-irrelevant',
    'version': '0.0.0',
    'requires': {
        'cookie': '^0.4.2'
    },
    'dependencies': {
        'cookie': {
            'version': '0.4.2'
        }
    }
};

fetch('https://registry.npmjs.org/-/npm/v1/security/audits', {
    method: 'POST',
    body: JSON.stringify(body),
    headers: {'Content-Type': 'application/json'}
})
.then(res => {
    return res.json();
})
.then(res => {
    console.log(JSON.stringify(res, null, 2));
})
.catch(err => console.error(err));
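
An added example, not part of the thread or the project's own code: it builds a request body in the shape the comment above shows from a parsed package.json and package-lock.json, then serializes it explicitly with JSON.stringify and a JSON Content-Type. The helper names and sample data are constructed; it assumes a lockfile with a top-level dependencies tree (lockfileVersion 1 or 2) and that nested entries are accepted in the same shape.

```javascript
// Hypothetical helpers (pruneDeps, buildAuditBody, toRequestInit); not from the project.

// Keep only version/requires/nested dependencies from each lockfile entry, so
// fields such as resolved URLs and integrity hashes are not sent along.
function pruneDeps(deps = {}) {
    const out = {};
    for (const [name, entry] of Object.entries(deps)) {
        if (!entry || typeof entry.version !== 'string') {
            throw new TypeError(`lockfile entry "${name}" has no version string`);
        }
        const pruned = { version: entry.version };
        if (entry.requires) pruned.requires = { ...entry.requires };
        if (entry.dependencies) pruned.dependencies = pruneDeps(entry.dependencies);
        out[name] = pruned;
    }
    return out;
}

// Combine package.json (declared ranges) with the lockfile (resolved versions).
function buildAuditBody(pkg, lock) {
    const requires = { ...pkg.dependencies, ...pkg.devDependencies };
    const dependencies = pruneDeps(lock.dependencies);
    for (const name of Object.keys(requires)) {
        if (!dependencies[name]) {
            throw new Error(`"${name}" is declared but missing from the lockfile`);
        }
    }
    return { name: pkg.name, version: pkg.version, requires, dependencies };
}

// The body must go on the wire as a JSON string, not as a plain object.
function toRequestInit(body) {
    return {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: typeof body === 'string' ? body : JSON.stringify(body),
    };
}

// Constructed sample input (not a real project or real integrity value).
const samplePkg = { name: 'demo-app', version: '1.0.0', dependencies: { cookie: '^0.4.2' } };
const sampleLock = {
    lockfileVersion: 1,
    dependencies: {
        cookie: { version: '0.4.2', resolved: 'https://registry.example/cookie-0.4.2.tgz', integrity: 'sha512-CONSTRUCTED' },
    },
};
const init = toRequestInit(buildAuditBody(samplePkg, sampleLock));
console.log(init.body);
```

The resulting `init` object can be passed as the second argument to `fetch` in place of the hand-written options in the snippet above.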
