it-depends
it-depends copied to clipboard
trailofbits
Version string lacks a numerical component
I tried running it-depends on a few different nodejs packages and it didn't work on any of them. On a few it gave this error. Here's the output for two different projects I tried:
This is from https://github.com/timjrobinson/evolutionary-ai-battle:
> it-depends .
Step 1/9 : FROM ubuntu:20.04
---> ba6acccedd29
Step 2/9 : RUN mkdir -p /workdir
---> Using cache
---> 9cf67c4f9f7a
Step 3/9 : RUN ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime
---> Using cache
---> 5968dac56aef
Step 4/9 : RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y --no-install-recommends strace npm
---> Using cache
---> 81711f2c7866
Step 5/9 : WORKDIR /workdir
---> Using cache
---> efd9480ba3ad
Step 6/9 : COPY install.sh .
---> Using cache
---> 5c8e0c3e6cd2
Step 7/9 : COPY run.sh .
---> Using cache
---> aab0afbbdc27
Step 8/9 : COPY baseline.sh .
---> Using cache
---> 33764ca8b29f
Step 9/9 : RUN chmod +x *.sh
---> Using cache
---> 166127b08bf8
Successfully built 166127b08bf8
Successfully tagged trailofbits/it-depends-npm:0.1.1
Version string lacks a numerical component: "pts: '^1.3.5',"
Another one from https://github.com/timjrobinson/ssb-server:
# Docker output is same as above
Version string lacks a numerical component: "ts': '^1.0.4',"
It's unclear where this is coming from, these packages are in my package.json/package-lock.json but they are valid json files with normal semver versions.
I also tried running on https://github.com/balancer-labs/frontend-v2 and it gave the following output:
Successfully tagged trailofbits/it-depends-npm:0.1.1
{
"npm:@balancer-labs/frontend-v2": {
"1.34.9": {
"dependencies": {},
"vulnerabilities": [],
"source": "npm",
"is_source_package": true
}
}
}
And that's it.
