yarnpkg/yarn

yarn audit returns 503 every now and then

luc-tielen opened this issue · 12 comments

What is the current behavior?

We use yarn audit --json in our CI pipeline to check for vulnerabilities; however, every now and then it fails with the following error:

Output from command:

// many more lines of JSON ...
{"type":"activityTick","data":{"id":0,"name":"yaml-loader@^0.4.0"}}
{"type":"activityTick","data":{"id":0,"name":"js-yaml@^3.5.2"}}
{"type":"activityEnd","data":{"id":0}}
/usr/local/Cellar/yarn/1.13.0/libexec/lib/cli.js:66237
            throw new (_errors || _load_errors()).ResponseError(_this3.reporter.lang('requestFailed', description), res.statusCode);
            ^

Error: Request failed "503 Service Unavailable"
    at ResponseError.ExtendableBuiltin (/usr/local/Cellar/yarn/1.13.0/libexec/lib/cli.js:702:66)
    at new ResponseError (/usr/local/Cellar/yarn/1.13.0/libexec/lib/cli.js:808:124)
    at Request.params.callback [as _callback] (/usr/local/Cellar/yarn/1.13.0/libexec/lib/cli.js:66237:19)
    at Request.self.callback (/usr/local/Cellar/yarn/1.13.0/libexec/lib/cli.js:129397:22)
    at Request.emit (events.js:188:13)
    at Request.<anonymous> (/usr/local/Cellar/yarn/1.13.0/libexec/lib/cli.js:130369:10)
    at Request.emit (events.js:188:13)
    at IncomingMessage.<anonymous> (/usr/local/Cellar/yarn/1.13.0/libexec/lib/cli.js:130291:12)
    at Object.onceWrapper (events.js:276:13)
    at IncomingMessage.emit (events.js:193:15)

Also, when using the --verbose flag, it seems to fail when accessing https://registry.yarnpkg.com/-/npm/v1/security/audits
This error only seems to occur during (busy?) parts of the day; maybe the server can't handle the load?

If the current behavior is a bug, please provide the steps to reproduce.

Steps to reproduce:

  1. Run yarn audit --json until you hit the error.

What is the expected behavior?

No 503 error.

I am seeing this too

yarnpkg.com is a redirect to npm's registry, so this response is from their system. Unfortunately there is nothing we can do about that since we don't run the registry.

npm's status site shows that there was an issue with audit on the day that you opened this issue: https://status.npmjs.org/

@rally25rs is there a way to pass through in case of network errors? If it's part of a CI pipeline then it breaks the whole build.
By the way, I encountered the 503 on several days already.

+1 to having a command line argument to pass or do something to continue the CI process.

@Fleker I'm interested in picking this one up as a PR. What are your thoughts about it?

I think there should be a flag, such as '--fail-silently', so that server issues do not cause the CI process to fail. Under the hood, I don't know how the API calls are made, but checking the status code for 5xx should result in the script exiting with status code 0.

@Fleker my PR is out. Waiting for review from yarn team

llwt commented

Unfortunate workaround we ended up rolling with:

#!/usr/bin/env node

const chalk = require('chalk');
const { execSync } = require('child_process');

try {
  // execSync throws when yarn audit exits non-zero (findings or a request error)
  execSync(`yarn audit`, { encoding: 'utf8' });
} catch (e) {
  // Replay the captured audit report, if any
  if (e.stdout) {
    process.stdout.write(e.stdout);
  }

  // execSync appends the child's stderr to the error message, so the 503 trace shows up in String(e)
  if (-1 !== String(e).indexOf('503 Service Unavailable')) {
    console.warn(chalk.yellow('⚠️⚠️⚠️  503 detected. Eating error. ⚠️⚠️⚠️'));
    process.exit(0);
  }

  console.error(chalk.red('🚨🚨🚨 Yarn audit failed. 🚨🚨🚨'));
  process.exit(e.status || 1);
}

console.log(chalk.green('✅ Yarn audit passed!'));

Now this is occurring again.

verbose 1.684 Performing "POST" request to "https://registry.yarnpkg.com/-/npm/v1/security/audits".
verbose 14.843 Request "https://registry.yarnpkg.com/-/npm/v1/security/audits" finished with status code 503.
/lib/node_modules/yarn/lib/cli.js:66073
            throw new (_errors || _load_errors()).ResponseError(_this3.reporter.lang('requestFailed', description), res.statusCode);
            ^

Error: Request failed "503 Service Unavailable"
    at ResponseError.ExtendableBuiltin (/lib/node_modules/yarn/lib/cli.js:696:66)
    at new ResponseError (/lib/node_modules/yarn/lib/cli.js:802:124)
    at Request.params.callback [as _callback] (/lib/node_modules/yarn/lib/cli.js:66073:19)
    at Request.self.callback (/lib/node_modules/yarn/lib/cli.js:129590:22)
    at Request.emit (events.js:198:13)
    at Request.<anonymous> (/lib/node_modules/yarn/lib/cli.js:130562:10)
    at Request.emit (events.js:198:13)
    at IncomingMessage.<anonymous> (/lib/node_modules/yarn/lib/cli.js:130484:12)
    at Object.onceWrapper (events.js:286:20)
    at IncomingMessage.emit (events.js:203:15)

I am getting this error as well when running yarn audit. Hope it will work again next week. Like @rally25rs already said, this isn't a Yarn issue.

Hmm... npm audit is fine and npm status is all green...

API specification change?
The trouble continues.

Same here, my CI build is failing intermittently. I think it would be better if the CI build failed only when there's a security issue, not when there's a network issue. Thanks!
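
An added example, not part of the thread and not Yarn's own code: a CI wrapper that retries when the audit endpoint answers 5xx and, if it never recovers, reports a separate "unavailable" result instead of exiting 0, so an outage cannot pass as a clean audit. It assumes Yarn 1.x prints a {"type":"auditSummary"} JSON line when the audit completes; the function names, the exit codes and the sample outputs are constructed for illustration.

```javascript
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Added example. Assumes Yarn 1.x prints an {"type":"auditSummary"} JSON line
// when the audit completes; classifies one run from its captured output.
function classifyAudit({ stdout = '', stderr = '' }) {
  let counts = null;
  for (const line of stdout.split('\n')) {
    if (!line.startsWith('{')) continue; // stack traces, blank lines
    try {
      const msg = JSON.parse(line);
      if (msg.type === 'auditSummary') counts = msg.data.vulnerabilities;
    } catch (_) { /* truncated JSON line: ignore */ }
  }
  if (counts) {
    const found = SEVERITIES.filter((s) => counts[s] > 0);
    return { verdict: found.length ? 'vulnerable' : 'clean', found };
  }
  // No summary means the audit never completed; look for a registry 5xx.
  const m = /Request failed "(5\d\d)\b/.exec(stderr + '\n' + stdout);
  return m ? { verdict: 'unavailable', http: Number(m[1]) } : { verdict: 'error' };
}

// Retry only while the registry is unavailable. `run` returns {stdout, stderr}.
function auditWithRetry(run, { attempts = 3, baseMs = 2000, sleep = sleepSync } = {}) {
  let result;
  for (let i = 0; i < attempts; i++) {
    result = classifyAudit(run());
    if (result.verdict !== 'unavailable') break;
    if (i < attempts - 1) sleep(baseMs * 2 ** i); // 2 s, then 4 s, ...
  }
  return result;
}
function sleepSync(ms) { Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms); }

// Hypothetical exit codes: 75 lets CI report "inconclusive" rather than green.
const EXIT = { clean: 0, vulnerable: 1, unavailable: 75, error: 2 };

// Real wiring (spawnSync returns the result instead of throwing on failure).
function runYarnAudit() {
  const { spawnSync } = require('child_process');
  const r = spawnSync('yarn', ['audit', '--json'], { encoding: 'utf8' });
  return { stdout: r.stdout || '', stderr: r.stderr || '' };
}

// Constructed sample outputs, modelled on the trace in this issue.
const OUTAGE = { stdout: '{"type":"activityEnd","data":{"id":0}}\n',
  stderr: 'Error: Request failed "503 Service Unavailable"\n' };
const FINDING = { stdout: '{"type":"auditSummary","data":{"vulnerabilities":' +
  '{"info":0,"low":1,"moderate":0,"high":2,"critical":0}}}\n', stderr: '' };
```

In a pipeline, call auditWithRetry(runYarnAudit) and exit with EXIT[result.verdict]; the CI job can then treat 75 as an allowed failure that is still visible and gets re-run later.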