diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn.rb
index 8ce4bb7869..151d230a1e 100644
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn.rb
+++ b/npm_and_yarn/lib/dependabot/npm_and_yarn.rb
@@ -165,6 +165,9 @@ module NpmAndYarn REQUIREMENT_NOT_PROVIDED: /(?.*)(.*?)doesn't provide (?.*)(.*?), requested by (?.*)/ }.freeze, T::Hash[String, Regexp])
+ # registry returns malformed response
+ REGISTRY_NOT_REACHABLE = /Received malformed response from registry for "(?.*)". The registry may be down./
+
 class Utils extend T::Sig
@@ -580,6 +583,15 @@ def self.sanitize_resolvability_message(error_message, dependencies, yarn_lock) }, in_usage: false, matchfn: nil
+ },
+ {
+ patterns: [REGISTRY_NOT_REACHABLE],
+ handler: lambda { |message, _error, _params|
+ msg = message.match(REGISTRY_NOT_REACHABLE)
+ Dependabot::DependencyFileNotResolvable.new(msg)
+ },
+ in_usage: false,
+ matchfn: nil
 } ].freeze, T::Array[{ patterns: T::Array[T.any(String, Regexp)],
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb
index 85d1bd2ba6..37a540a094 100644
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb
+++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb
@@ -107,6 +107,12 @@ def updated_lockfile_reponse(response) # issue related when dependency url is not mentioned correctly UNRESOLVED_REFERENCE = /Unable to resolve reference (?.*)/
+ # npm git related error for dependencies
+ GIT_CHECKOUT_ERROR_REGEX = /Command failed: git checkout (?.*)/
+
+ # Invalid version format found for dependency in package.json file
+ INVALID_VERSION = /Invalid Version: (?.*)/
+
 # TODO: look into fixing this in npm, seems like a bug in the git # downloader introduced in npm 7 # 
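Review bot: The two `.` characters at the end of `REGISTRY_NOT_REACHABLE` (`"...". The registry may be down.`) are unescaped and match any character, so the pattern is looser than the literal message it documents; escaping them, `"\. The registry may be down\./`, pins it to the actual registry text. The constant's name says the registry is unreachable while the matched text and the comment say the response was malformed; a comment such as `# yarn reports a malformed (possibly unavailable) registry response` keeps name, comment and pattern telling the same story. The named group is rendered here as `(?.*)` with no name, which I take to be a page rendering artifact rather than the committed source.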
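Review bot: The new handler builds the exception from `msg`, which is the `MatchData` returned by `message.match(REGISTRY_NOT_REACHABLE)`, not a `String`; the user-facing message then depends on `MatchData#to_s` being applied implicitly by the exception, which breaks as soon as the constructor treats its argument as a string (for sanitising, for example). Passing the matched text explicitly, `Dependabot::DependencyFileNotResolvable.new(msg.to_s)`, makes the intent visible; the same applies to `raise Dependabot::DependencyFileNotResolvable, error_msg` in the `GIT_CHECKOUT_ERROR_REGEX` branch of npm_lockfile_updater.rb further down. Separately, the matched text ("The registry may be down") describes a transient registry condition, while `DependencyFileNotResolvable` reports the manifest itself as unresolvable; if such failures are expected to clear on retry, a retryable registry error class, if the codebase has one, would classify them more accurately — the page does not show which classes exist, so treat this as a question.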
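Review bot: `GIT_CHECKOUT_ERROR_REGEX` breaks the naming pattern of its neighbours (`UNRESOLVED_REFERENCE`, `INVALID_VERSION`, neither carrying a `_REGEX` suffix); `GIT_CHECKOUT_ERROR` would read consistently. Its capture group is never read — the updater branch further down raises the whole match — so either use the capture in the message or drop the group. The comment on `INVALID_VERSION` asserts the version comes from package.json, which the matched npm output (`Invalid Version: ...`) does not establish; `# npm rejected a version string it could not parse` states only what the pattern shows.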
@@ -616,6 +622,15 @@ def handle_npm_updater_error(error) raise Dependabot::DependencyFileNotResolvable, msg end
+ if (error_msg = error_message.match(GIT_CHECKOUT_ERROR_REGEX))
+ raise Dependabot::DependencyFileNotResolvable, error_msg
+ end
+
+ if (error_msg = error_message.match(INVALID_VERSION))
+ msg = "Found invalid version \"#{error_msg.named_captures.fetch('ver')}\" while updating"
+ raise Dependabot::DependencyFileNotResolvable, msg
+ end
+
 raise error end # rubocop:enable Metrics/AbcSize
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb
index 6d6979f335..0f29c47c2a 100644
--- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb
+++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb 
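Review bot: The `INVALID_VERSION` branch reads `error_msg.named_captures.fetch('ver')`, which raises `KeyError` unless the group in `INVALID_VERSION` is actually named `ver`; the regex is rendered on this page as `(?.*)` with no name, presumably a rendering artifact, but it is worth confirming against the committed source because a `KeyError` here would replace the original npm error with an unrelated one. The two new branches are also written in different styles — the git-checkout branch forwards the raw match while the invalid-version branch composes a message — and the same shape for both, e.g. `raise Dependabot::DependencyFileNotResolvable, "Could not check out git reference: #{error_msg}"`, would keep the user-facing messages uniform. `handle_npm_updater_error` starts outside the hunk and already sits under a `Metrics/AbcSize` disable; each new pattern grows it further, so a pattern table like the one used for yarn in npm_and_yarn.rb may be worth considering.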
@@ -1011,6 +1011,41 @@ end end end
+
+ context "with a npm error response that returns a git checkout error" do
+ let(:response) do
+ "Command failed: git checkout 8cb9036b503920679c95528fa584d3e973b64f75
+ fatal: reference is not a tree: 8cb9036b503920679c95528fa584d3e973b64f75"
+ end
+
+ it "raises a helpful error" do
+ expect { updated_npm_lock }.to raise_error(Dependabot::DependencyFileNotResolvable) do |error|
+ expect(error.message)
+ .to include(
+ "Command failed: git checkout 8cb9036b503920679c95528fa584d3e973b64f75"
+ )
+ end
+ end
+ end
+
+ context "with a npm error response that invalid version error" do
+ let(:response) do
+ "npm WARN using --force Recommended protections disabled.
+ npm ERR! Invalid Version: ^8.0.1
+
+ npm ERR! A complete log of this run can be found in: " \ "/home/dependabot/.npm/_logs/2024-09-12T06_08_54_947Z-debug-0.log"
+ end
+
+ it "raises a helpful error" do
+ expect { updated_npm_lock }.to raise_error(Dependabot::DependencyFileNotResolvable) do |error|
+ expect(error.message)
+ .to include(
+ "Found invalid version \"^8.0.1\" while updating"
+ )
+ end
+ end
+ end
 end context "with a override that conflicts with direct dependency" do
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/yarn_error_handler_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/yarn_error_handler_spec.rb
index fc3f533963..f15da04f5a 100644
--- a/npm_and_yarn/spec/dependabot/npm_and_yarn/yarn_error_handler_spec.rb
+++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/yarn_error_handler_spec.rb 
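Review bot: The second context description, `"with a npm error response that invalid version error"`, is missing a verb, and both new descriptions say "a npm"; `context "with an npm error response that returns an invalid version error" do` and `context "with an npm error response that returns a git checkout error" do` read cleanly in the spec output. Both examples only check `include` on the message, which fits the git-checkout case where the whole match is forwarded, but the invalid-version message is fully composed by the updater, so `eq("Found invalid version \"^8.0.1\" while updating")` would also catch a stray prefix or suffix being introduced later.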
@@ -699,6 +699,18 @@ end end
+ context "when the exception message contains malformed registry error response" do
+ let(:error_message) do
+ "Received malformed response from registry for \"teste-react-jv\". The registry may be down."
+ end
+
+ it "raises the corresponding error class with the correct message" do
+ expect { error_handler.handle_group_patterns(error, usage_error_message, { yarn_lock: yarn_lock }) }
+ .to raise_error(Dependabot::DependencyFileNotResolvable,
+ "Received malformed response from registry for \"teste-react-jv\". The registry may be down.")
+ end
+ end
+
 context "when the error message contains Permission denied error" do let(:error_message) do "https://npm.pkg.github.com/breakthroughbehavioralinc/webpack: Permission denied"
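Review bot: The expected message passed to `raise_error` repeats the `let(:error_message)` literal character for character, so a later edit to one string silently weakens the other; `.to raise_error(Dependabot::DependencyFileNotResolvable, error_message)` states the actual contract — the handler forwards the matched registry line unchanged — and cannot drift. Since the assertion compares the full message, it also pins that the raw registry text, package name included, is what reaches the user; if the handler's message is ever reworded, this is the example that will flag it.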