Description
When SAF CLI starts, it outputs many MODULE_NOT_FOUND warnings related to the @mitre/emass_client package trying to find axios:
(node:13864) [MODULE_NOT_FOUND] Warning: ModuleLoadError
module: @oclif/core@3.27.0
task: findCommand (emasser:delete:artifacts)
plugin: @mitre/saf
root: /usr/local/lib/node_modules/@mitre/saf
code: MODULE_NOT_FOUND
message: [MODULE_NOT_FOUND] require failed to load /usr/local/lib/node_modules/@mitre/saf/lib/commands/emasser/delete/artifacts.js: Cannot find module '@mitre/emass_client/node_modules/axios'
This warning repeats for all emasser commands (~1200+ lines of warnings).
Impact
- Functional: Commands still work - this is a warning, not an error
- User Experience: Very noisy output obscures actual results
- CI/CD: Pollutes logs, makes debugging harder
Root Cause Analysis
@mitre/emass_client (v3.22.0) declares axios: ^1.6.1 as a direct dependency- SAF CLI also has
axios: ^1.5.0 as a dependency
- npm hoists axios to SAF's top-level
node_modules/axios
- The emass_client code does normal
require("axios") which should resolve via Node's module resolution
- However, something is causing Node to look specifically in
@mitre/emass_client/node_modules/axios instead of walking up the tree
The generated emass_client code is standard:
// dist/api.js:93
var axios_1 = require("axios");This happens during oclif's findCommand discovery phase at startup.
Possible Fixes
- In emass_client: Change axios from
dependencies to peerDependencies
- In SAF CLI: Add axios version resolution/override
- Investigation needed: Check if this is an npm/node version issue or oclif module resolution behavior
Environment
- Observed in GitHub Actions CI (ubuntu-latest)
- SAF CLI installed globally via npm
- Node.js version from CI runner
Workaround
For now, stderr can be suppressed:
export NODE_NO_WARNINGS=1
saf summary --input results.json 2>/dev/null
Related
Description
When SAF CLI starts, it outputs many
MODULE_NOT_FOUNDwarnings related to the@mitre/emass_clientpackage trying to find axios:This warning repeats for all emasser commands (~1200+ lines of warnings).
Impact
Root Cause Analysis
@mitre/emass_client(v3.22.0) declaresaxios: ^1.6.1as a direct dependencyaxios: ^1.5.0as a dependencynode_modules/axiosrequire("axios")which should resolve via Node's module resolution@mitre/emass_client/node_modules/axiosinstead of walking up the treeThe generated emass_client code is standard:
This happens during oclif's
findCommanddiscovery phase at startup.Possible Fixes
dependenciestopeerDependenciesEnvironment
Workaround
For now, stderr can be suppressed:
Related
src/typescript_client/package.json