NodeSecure · fraxken · Mar 28, 2026 · Mar 28, 2026
diff --git a/package.json b/package.json
@@ -1,79 +1,79 @@
-{
-  "name": "@nodesecure/report",
-  "version": "4.2.1",
-  "description": "NodeSecure HTML & PDF graphic security report",
-  "main": "./dist/src/index.js",
-  "type": "module",
-  "bin": {
-    "nreport": "./dist/bin/index.js"
-  },
-  "exports": {
-    ".": {
-      "import": "./dist/src/index.js"
-    }
-  },
-  "scripts": {
-    "build": "tsc && npm run build:views && npm run build:public",
-    "build:views": "rimraf dist/views && cp -r views dist/views",
-    "build:public": "rimraf dist/public && cp -r public dist/public",
-    "lint": "eslint src test bin scripts",
-    "test-only": "node --test-reporter=spec --test ./test/**/*.spec.ts",
-    "test": "c8 --all --src ./src -r html npm run test-only",
-    "test:e2e": "node --env-file-if-exists=.env --test-reporter=spec --test ./test/**/*.e2e-spec.ts",
-    "preview:light": "node --no-warnings ./scripts/preview.ts --theme light",
-    "preview:dark": "node --no-warnings ./scripts/preview.ts --theme dark",
-    "prepublishOnly": "npm run build"
-  },
-  "publishConfig": {
-    "registry": "https://registry.npmjs.org",
-    "access": "public",
-    "provenance": true
-  },
-  "files": [
-    "dist"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/NodeSecure/report.git"
-  },
-  "keywords": [
-    "security",
-    "report",
-    "nodesecure",
-    "pdf",
-    "html",
-    "chart"
-  ],
-  "author": "NodeSecure",
-  "license": "MIT",
-  "bugs": {
-    "url": "https://github.com/NodeSecure/report/issues"
-  },
-  "homepage": "https://github.com/NodeSecure/report#readme",
-  "dependencies": {
-    "@nodesecure/flags": "^3.0.3",
-    "@nodesecure/ossf-scorecard-sdk": "4.0.1",
-    "@nodesecure/rc": "^5.0.0",
-    "@nodesecure/scanner": "10.7.0",
-    "@nodesecure/utils": "^2.2.0",
-    "@openally/mutex": "^2.0.0",
-    "@topcli/spinner": "^4.0.0",
-    "esbuild": "^0.27.0",
-    "filenamify": "^7.0.0",
-    "puppeteer": "^24.10.1",
-    "sade": "^1.8.1",
-    "zup": "0.0.2"
-  },
-  "devDependencies": {
-    "@openally/config.eslint": "2.4.2",
-    "@openally/config.typescript": "1.3.0",
-    "@types/node": "^25.0.0",
-    "c8": "^11.0.0",
-    "open": "^11.0.0",
-    "rimraf": "^6.0.1",
-    "typescript": "^5.7.2"
-  },
-  "engines": {
-    "node": ">=24"
-  }
-}
+{
+  "name": "@nodesecure/report",
+  "version": "4.2.1",
+  "description": "NodeSecure HTML & PDF graphic security report",
+  "main": "./dist/src/index.js",
+  "type": "module",
+  "bin": {
+    "nreport": "./dist/bin/index.js"
+  },
+  "exports": {
+    ".": {
+      "import": "./dist/src/index.js"
+    }
+  },
+  "scripts": {
+    "build": "tsc && npm run build:views && npm run build:public",
+    "build:views": "rimraf dist/views && cp -r views dist/views",
+    "build:public": "rimraf dist/public && cp -r public dist/public",
+    "lint": "eslint src test bin scripts",
+    "test-only": "node --test-reporter=spec --test \"./test/**/*.spec.ts\"",
+    "test": "c8 --all --src ./src -r html npm run test-only",
+    "test:e2e": "node --env-file-if-exists=.env --test-reporter=spec --test \"./test/**/*.e2e-spec.ts\"",
+    "preview:light": "node --no-warnings ./scripts/preview.ts --theme light",
+    "preview:dark": "node --no-warnings ./scripts/preview.ts --theme dark",
+    "prepublishOnly": "npm run build"
+  },
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org",
+    "access": "public",
+    "provenance": true
+  },
+  "files": [
+    "dist"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/NodeSecure/report.git"
+  },
+  "keywords": [
+    "security",
+    "report",
+    "nodesecure",
+    "pdf",
+    "html",
+    "chart"
+  ],
+  "author": "NodeSecure",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/NodeSecure/report/issues"
+  },
+  "homepage": "https://github.com/NodeSecure/report#readme",
+  "dependencies": {
+    "@nodesecure/flags": "^3.0.3",
+    "@nodesecure/ossf-scorecard-sdk": "4.0.1",
+    "@nodesecure/rc": "^5.0.0",
+    "@nodesecure/scanner": "10.7.0",
+    "@nodesecure/utils": "^2.2.0",
+    "@openally/mutex": "^2.0.0",
+    "@topcli/spinner": "^4.0.0",
+    "esbuild": "^0.27.0",
+    "filenamify": "^7.0.0",
+    "puppeteer": "24.40.0",
+    "sade": "^1.8.1",
+    "zup": "0.0.2"
+  },
+  "devDependencies": {
+    "@openally/config.eslint": "2.4.2",
+    "@openally/config.typescript": "1.3.0",
+    "@types/node": "^25.0.0",
+    "c8": "^11.0.0",
+    "open": "^11.0.0",
+    "rimraf": "^6.0.1",
+    "typescript": "^5.7.2"
+  },
+  "engines": {
+    "node": ">=24"
+  }
+}
diff --git a/src/analysis/extractScannerData.ts b/src/analysis/extractScannerData.ts
@@ -104,7 +104,7 @@ export function buildStatsFromScannerDependencies(
   }
 
   const payloads = Array.isArray(payloadFiles) ? payloadFiles : [payloadFiles];
-  const npmConfig = config.npm!;
+  const npmConfig = config.npm;
 
   const dependencies = payloads.reduce<Payload["dependencies"]>((acc, curr) => {
     const dep = getPayloadDependencies(curr);
@@ -118,16 +118,16 @@ export function buildStatsFromScannerDependencies(
     new Extractors.Probes.Flags(),
     new Extractors.Probes.Licenses(),
     new Extractors.Probes.Warnings(),
-    new Extractors.Probes.Size({ organizationPrefix: npmConfig.organizationPrefix }),
+    new Extractors.Probes.Size({ organizationPrefix: npmConfig?.organizationPrefix }),
     new Extractors.Probes.Extensions(),
     new Extractors.Probes.NodeDependencies()
   ]);
 
   extractor.on("manifest", (spec: string, dependencyVersion, { name }) => {
     const { flags, links = [] } = dependencyVersion;
-    const isThird = npmConfig.organizationPrefix === null ?
+    const isThird = npmConfig?.organizationPrefix === null ?
       true :
-      !name.startsWith(`${npmConfig.organizationPrefix}/`);
+      !name.startsWith(`${npmConfig?.organizationPrefix}/`);
     if (!(name in stats.packages)) {
       const { orgPrefix, name: splitName } = splitPackageWithOrg(name);
       const isGiven = config.npm?.packages.includes(splitName) && orgPrefix === config.npm?.organizationPrefix;
@@ -150,7 +150,11 @@ export function buildStatsFromScannerDependencies(
     curr.versions.add(spec);
     const hasIndirectDependencies = flags.includes("hasIndirectDependencies");
     id: if (hasIndirectDependencies) {
-      if (!config.includeTransitiveInternal && name.startsWith(npmConfig.organizationPrefix)) {
+      if (
+        !config.includeTransitiveInternal &&
+        npmConfig &&
+        name.startsWith(npmConfig.organizationPrefix)
+      ) {
         break id;
       }