'Set up completed' instead of vulnerability report
1shevelov opened this issue ยท 16 comments
Running the library from Windows Command Processor as suggested in README 'npx is-website-vulnerable /full URL/' without installing first. Tried couple of times with different websites with the same result.
Expected Behavior
I see vulnerability report as demonstrated on the README's screenshot.
Current Behavior
After waiting several minutes (3-4 at least) of running messages with different packages I get a message "V Set up completed in 2.67 seconds!" (or another number of seconds). Command Prompt freezes not showing command prompt or respond to any keys like Ctrl-C.
Possible Solution
No idea.
Steps to Reproduce (for bugs)
- Run Command Prompt cmd.exe
- type npx is-website-vulnerable /any string/
- press Enter
Context
Your Environment
Date: today
OS: Windows 10 Home
npm/npx 6.11.3
@1shevelov thanks for letting us know and sorry for the bad experience.
if you add a --json
to the command does it work or are you experiencing similar issues?
It worked with '--json' flag!
Took about 5 minutes on my SSD-less system (less then 4 min for wrong address) but found a vulnerability, displayed a report and finished correctly.
Thanks! it seems like the animations aren't showing up properly on that command prompt.
I assume if you try to run it again without JSON it still freezes?
If so, can I ask you to run: npx terminal-detect
and share the output here?
Maybe there's a way we can detect incompatible terminals and fix it. And, If you are able to find a fix and push a PR I will happily merge it.
Faced the same issue and I have given your command as well .
npx terminal-detect is-website-vulnerable http://localhost:4200/ --desktop
npx: installed 4 in 40.989s
{ colors: { '16': true, '256': false, '16m': false },
charset: { unicode: false } }
Change Line 31 of the file is-website-vulnerable.js to fix this.
const showProgressBar = !argv;
instead of const showProgressBar = !argv.json;
Change Line 31 of the file is-website-vulnerable.js to fix this.
const showProgressBar = !argv; instead of const showProgressBar = !argv.json;
This shouldn't be the reason, that line of code is ok.
๐ This issue has been resolved in version 1.9.2 ๐
The release is available on:
Your semantic-release bot ๐ฆ๐
For me with just line 31 changes the code worked with the following test cases in Windows 8.
is-website-vulnerable http://localhost:localport/
is-website-vulnerable http://localhost:localport/ --json (will take mobile as the argument as default).
is-website-vulnerable http://localhost:localport/ --json --desktop
is-website-vulnerable http://localhost:localport/ --json --js-lib
is-website-vulnerable http://localhost:localport/ --js-lib.
is-website-vulnerable
Tested with Run as Admin for cmd prompt.
Yep because you're disabling all prompt animation entirely.
I added a commit that disables it only when being used on Windows. Can you confirm that this is working well now for you?
Did that and works. However for certain sites (https://www.linkedin.com/) it gives me the following error
node is-website-vulnerable.js https://www.linkedin.com/ --json
ERROR: The process with PID 14648 (child process of PID 4764) could not be terminated.
Reason: There is no running instance of the task.
Error: Chrome could not be killed Command failed: taskkill /pid 4764 /T /F
ERROR: The process with PID 14648 (child process of PID 4764) could not be terminated.
Reason: There is no running instance of the task.
at Promise (D:\TEST\TestNPM\node_modules\is-website-vulnerable\node_modules\chrome-launcher\dist\chrome-launcher.js:256:28)
at new Promise (<anonymous>)
at Launcher.kill (D:\TEST\TestNPM\node_modules\is-website-vulnerable\node_modules\chrome-launcher\dist\chrome-launcher.js:238:16)
at Object.<anonymous> (D:\TEST\TestNPM\node_modules\is-website-vulnerable\node_modules\chrome-launcher\dist\chrome-launcher.js:58:29)
at Generator.next (<anonymous>)
at D:\TEST\TestNPM\node_modules\is-website-vulnerable\node_modules\chrome-launcher\dist\chrome-launcher.js:12:71
at new Promise (<anonymous>)
at __awaiter (D:\TEST\TestNPM\node_modules\is-website-vulnerable\node_modules\chrome-launcher\dist\chrome-launcher.js:8:12)
at Object.kill (D:\TEST\TestNPM\node_modules\is-website-vulnerable\node_modules\chrome-launcher\dist\chrome-launcher.js:53:28)
at Audit.scanUrl (D:\TEST\TestNPM\LatestCode\is-website-vulnerable-master\src\Audit.js:81:26)
Usage:
is-website-vulnerable https://www.example.com
looks like an issue with Chrome launcher. I suppose that doesn't happen all the time with the same website, right?
Happens all the time with https://www.linkedin.com/
Unfortunately I can't reproduce it here. Maybe that's just running a bit slow on your end which does some trouble to the chrome launcher when it attempts to kill the process?
Looks like the dependency module is having the issue
Oh thanks!
I may need to update that library in the shrinkwrap file then