-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bug(npm): runtime: out of memory #6854
Comments
Hello @gobardhan I investigated your
Link doesn't have Can you write steps to reproduce this case? Regards, Dmitriy |
Hi @DmitriyLewen
|
@gobardhan I can't reproduce this case: root@a8ac21a6d13a:/app2# ls -hl function/
total 4.0K
-rw-r--r-- 1 root root 204 Jun 5 07:15 package.json
root@a8ac21a6d13a:/app2# cat package.json
{
"name": "app2",
"version": "1.0.0",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"keywords": [],
"author": "",
"license": "ISC",
"description": "",
"workspaces": ["./"]
}
root@a8ac21a6d13a:/app2# npm install
up to date, audited 1 package in 308ms
found 0 vulnerabilities
root@a8ac21a6d13a:/app2# cat package-lock.json
{
"name": "app2",
"version": "1.0.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "app2",
"version": "1.0.0",
"license": "ISC",
"workspaces": [
"./"
]
}
}
}
or root@a8ac21a6d13a:/app2# cat package-lock.json
{
"name": "app2",
"version": "1.0.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "app2",
"version": "1.0.0",
"license": "ISC",
"workspaces": [
"./*"
]
},
"function": {
"version": "1.0.0",
"license": "ISC"
},
"node_modules/function": {
"resolved": "function",
"link": true
}
}
} |
Can you post your test directory structure? |
Test project doesn't contain any subproject, You can check at here as well: https://github.com/gobardhan/test |
This looks like a bug in anyway I created #6858 to fix the |
Discussed in #6853
Originally posted by gobardhan June 4, 2024
Description
For a npm project with following configuration of workspace inside package.json Trivy not able to perform the scan for any scanners.
"workspaces": [ "./" ]
After debugging it I found that it's due the below code inside package-lock.json
"node_modules/@ffdev/bryntum-components": { "resolved": "", "link": true },
It's started working fine if I remove the above part of code from package-lock.json.
Desired Behavior
Trivy should able to scan the repository with such kind of configuration for package.json & package-lock.json without throwing any error.
Actual Behavior
Trvivy scan throw's
fatal error: runtime: out of memory
. Commandtrivy fs .
And running trivy in debug mode hang-up my system and in last killed by system. Command
trvy fs . -d
Reproduction Steps
Target
Filesystem
Scanner
None
Output Format
None
Mode
Standalone
Debug Output
Operating System
Ubuntu 22.04.4 LTS
Version
Checklist
trivy image --reset
The text was updated successfully, but these errors were encountered: