Open
Labels
bug (Something isn't working)
Description
Describe the bug
It looks like Frogbot fails to parse the package-lock.json when it is too big. We have two similar repositories; one works and the other doesn't. On the surface, the only difference is the number of dependencies.
Current behavior
...
09:29:22 [Info] [Thread 0] No SCA findings
09:29:23 [Debug] Sending HTTP PUT request to: https://lpe.jfrog.io/xray/api/v1/xsc/event
09:29:23 [Debug] Command event:
{{0 failed 0 0 false 2m17.580188559s } 6029ef1e-6222-40ba-a480-fad78679f7ca }
09:29:23 [Debug] Sending an error report to JFrog analytics...
09:29:23 [Debug] Sending HTTP POST request to: https://lpe.jfrog.io/xray/api/v1/xsc/event/logMessage
Error: 4 [Error] failed to audit source branch code for [.] project. Error: target '/tmp/jfrog.cli.temp.-1759742823-4212232419/lambda/config-sync [npm]' errors:
failed to generate SBOM for /tmp/jfrog.cli.temp.-1759742823-4212232419/lambda/config-sync: failed to build dependency tree: failed while building 'npm' dependency tree: failed to parse '{
"overridden": false,
"name": "@types/istanbul-lib-report",
"dev": true,
"extraneous": false,
"path": "/tmp/jfrog.cli.temp.-1759742823-4212232419/node_modules/@types/istanbul-lib-report",
"_dependencies": {},
"devDependencies": {},
"peerDependencies": {}
}' from npm ls output.
target '/tmp/jfrog.cli.temp.-1759742823-4212232419 [npm]' errors:
failed to generate SBOM for /tmp/jfrog.cli.temp.-1759742823-4212232419: failed to build dependency tree: failed while building 'npm' dependency tree: failed to parse '{
"overridden": false,
"name": "@types/istanbul-lib-report",
"dev": true,
"extraneous": false,
"path": "/tmp/jfrog.cli.temp.-1759742823-4212232419/node_modules/@types/istanbul-lib-report",
"_dependencies": {},
"devDependencies": {},
"peerDependencies": {}
}' from npm ls output.
target '/tmp/jfrog.cli.temp.-1759742823-4212232419/infra/application [npm]' errors:
failed to generate SBOM for /tmp/jfrog.cli.temp.-1759742823-4212232419/infra/application: failed to build dependency tree: failed while building 'npm' dependency tree: failed to parse '{
"resolved": "file:../../infra/application",
"overridden": false,
"name": "@sbs/infra",
"devDependencies": {
"@flashscan-libraries/integ-base": "0.0.0",
"@flashscan-libraries/lambda-test-utilities": "1.0.1"
},
"extraneous": false,
"path": "/tmp/jfrog.cli.temp.-1759742823-4212232419/node_modules/@sbs/infra",
"_dependencies": {
"@aws-solutions-constructs/aws-dynamodbstreams-lambda": "^2.92.0",
"@flashscan-libraries/infra-base": "2.13.0",
"aws-cdk": "^2.1029.4",
"aws-cdk-lib": "2.219.0"
},
"peerDependencies": {},
"dependencies": {
"@aws-solutions-constructs/aws-dynamodbstreams-lambda": {
"version": "2.93.0",
"resolved": "https://lpe.jfrog.io/artifactory/api/npm/flash-scan-npm-prd-virtual/@aws-solutions-constructs/aws-dynamodbstreams-lambda/-/aws-dynamodbstreams-lambda-2.93.0.tgz",
"overridden": false,
"name": "@aws-solutions-constructs/aws-dynamodbstreams-lambda",
"integrity": "sha512-rn2eH/+cNrzHT1gyZvDkMf40zARgipE3OQQa7zdcAJTuABjyBLRPsRwYpBhpgDsIzNGlfwOKmBjNok8f+Jcv3w==",
...
...
},
"devDependencies": {},
"peerDependencies": {}
},
"@aws-sdk/util-user-agent-browser": {
"version": "3.901.0",
"name": "@aws-sdk/util-user-agent-browser",
"resolved": "https://lpe.jfrog.io/artifactory/api/npm/flash-scan-npm-prd-virtual/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.901.0.tgz",
"integrity": "sha512-Ntb6V/WFI21Ed4PDgL/8NSfoZQQf9xzrwNgiwvnxgAl/KvAvRBgQtqj5gHsDX8Nj2YmJuVoHfH9BGjL9VQ4WNg==",
"license": "Apache-2.0",
"_id": "@aws-sdk/util-user-agent-browser@3.901.0",
"extraneous": false,
"path": "/tmp/jfrog.cli.temp.-1759742823-4212232419/node_modules/@aws-sdk/util-user-agent-browser",
"_dependencies": {
"@aws-sdk/types": "3.901.0",
"@smithy/types": "^4.6.0",
"bowser": "^2.11.0",
"tslib": "^2.6.2"
},
"devDependencies": {},
"peerDependencies": {}
},
"@aws-sdk/util-user-agent-node": {
"version": "3.901.0",
"name": "@aws-sdk/util-user-agent-node",
"resolved": "https://lpe.jfrog.io/artifactory/api/npm/flash-scan-npm-prd-virtual/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.901.0.tgz",
"integrity": "sha512-l59KQP5TY7vPVUfEURc7P5BJKuNg1RSsAKBQW7LHLECXjLqDUbo2SMLrexLBEoArSt6E8QOrIN0C8z/0Xk0jYw==",
"license": "Apache-2.0",
"engines": {
Log ends here
Reproduction steps
No response
Expected behavior
Frogbot should handle large package-lock.json files, or provide insight into what might be going wrong.
JFrog Frogbot version
v2
Package manager info
npm 10.8.2
Git provider
GitHub
JFrog Frogbot configuration yaml file
No response
Operating system type and version
Ubuntu 24.04.3
JFrog Xray version
No response