tessl/npm-npq
Security auditing CLI tool that performs pre-installation checks on npm packages to detect vulnerabilities, malware, and supply chain risks before installation
error-handling.mddocs/reference/
Error Handling
Complete error handling documentation for npq.
Error Types
npq throws different error types based on the failure scenario:
// User abort error
interface UserAbortError extends Error {
code: 'USER_ABORT';
exitCode: 1;
message: string;
}
// Example UserAbortError
const abortError: UserAbortError = {
code: 'USER_ABORT',
exitCode: 1,
message: 'User aborted installation',
name: 'UserAbortError',
stack: '...'
};
// NpmRegistry error codes
type NpmRegistryErrorCode =
| 'EMISSINGSIGNATUREKEY' // Missing public key for signature verification
| 'EEXPIREDSIGNATUREKEY' // Expired public key
| 'EINTEGRITYSIGNATURE' // Invalid signature
| 'EATTESTATIONSUBJECT' // Attestation subject mismatch
| 'EATTESTATIONVERIFY'; // Attestation verification failed
// Network/API errors
interface NetworkError extends Error {
code: string;
statusCode?: number;
url?: string;
}
// Example NetworkError
const networkError: NetworkError = {
code: 'ENOTFOUND',
statusCode: 404,
url: 'https://api.npmjs.org/package/express',
message: 'Package not found',
name: 'NetworkError',
stack: '...'
};
// Package not found error
interface PackageNotFoundError extends Error {
code: 'PACKAGE_NOT_FOUND';
packageName: string;
}
// Example PackageNotFoundError
const notFoundError: PackageNotFoundError = {
code: 'PACKAGE_NOT_FOUND',
packageName: 'nonexistent-package',
message: 'Package nonexistent-package not found',
name: 'PackageNotFoundError',
stack: '...'
};Error Handling in Programmatic Usage
const Marshall = require('npq/lib/marshall');
try {
const marshall = new Marshall({
pkgs: ['nonexistent-package@latest']
});
const results = await marshall.run();
} catch (error) {
if (error.code === 'PACKAGE_NOT_FOUND') {
console.error(`Package not found: ${error.packageName}`);
} else if (error.code === 'USER_ABORT') {
console.log('Operation aborted by user');
} else if (error.code === 'ENOTFOUND' || error.code === 'ECONNREFUSED') {
console.error('Network error:', error.message);
console.error('URL:', error.url);
} else if (error.code === 'EMISSINGSIGNATUREKEY') {
console.error('Missing signature key for package verification');
} else if (error.code === 'EEXPIREDSIGNATUREKEY') {
console.warn('Expired signature key detected');
} else if (error.code === 'EINTEGRITYSIGNATURE') {
console.error('Invalid package signature detected');
} else {
console.error('Unexpected error:', error.message);
console.error('Error code:', error.code);
console.error('Stack:', error.stack);
}
}Error Handling Edge Cases
See Edge Cases for advanced error handling scenarios including:
- Network timeouts
- Partial failures
- Rate limiting
- Retry logic
Exit Codes
// Exit codes returned by npq CLI
type ExitCode = 0 | 1 | -1;
// 0: Success (no errors, or user confirmed installation)
// 1: User aborted operation (Ctrl+C or explicit 'n' response)
// -1: Error occurred (package not found, validation failed, network error, etc.)Error vs Warning Behavior
Errors (Fatal):
- Block installation by default
- Require explicit user confirmation to proceed
- Indicated with ✖ symbol in rich output
Warnings (Non-fatal):
- Allow installation with countdown (15 seconds by default)
- Can be auto-proceeded with 'y' keypress or timeout
- Indicated with ⚠ symbol in rich output
Auto-Continue: When only warnings are detected, npq automatically proceeds after 15 seconds. Disable with --disable-auto-continue flag or NPQ_DISABLE_AUTO_CONTINUE=true environment variable.
See Also
- Edge Cases - Advanced error handling scenarios
- API Reference - Programmatic usage
- Types - Complete type definitions
Install with Tessl CLI
npx tessl i tessl/npm-npq