bellingard / sonar-scanner-npm Goto Github PK

Hi,
Using release 2.0.1
I can not use behind company's proxy:
Downloading can not pass https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.0.3.778-windows.zip request without proxy setting (seems you are using Download.js but no way to set proxy parameter)
I can not use SONAR_SCANNER_MIRROR : seems not implemented counter to documentation so I can not implement my own internal mirror

I can not update handly the all build agents I am using

What do you suggest ?

This must use the work done here: https://github.com/henryju/bdd-scanner-natif

There is no way of knowing if sonar-scanner succeeded or not. That means that the Build Breaker plugin can't be used.

Steps to reproduce
1 . Delete sonar-scanner binary (e.g. rm -rf /home/hic/.sonar/native-sonar-scanner/sonar-scanner-3.0.3.778-linux/bin/sonar-scanner)
2. install newest sonarqube-scanner npm install --global [email protected]
3. run it sonar-scanner

This yields following error:

[10:19:42] Starting SonarQube analysis...
[10:19:42] Checking if executable exists: /home/hic/.sonar/native-sonar-scanner/sonar-scanner-3.2.0.1227-linux/bin/sonar-scanner
[10:19:42] Could not find executable in "/home/hic/.sonar/native-sonar-scanner".
[10:19:42] Proceed with download of the platform binaries for SonarQube Scanner...
[10:19:42] Creating /home/hic/.sonar/native-sonar-scanner
[10:19:42] Downloading from https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.2.0.1227-linux.zip
[10:19:42] (executable will be saved in cache folder: /home/hic/.sonar/native-sonar-scanner)
[10:19:43] ERROR: impossible to download and extract binary: Response code 401 (Unauthorized)
[10:19:43]        SonarQube Scanner binaries probably don't exist for your OS (linux).
[10:19:43]        In such situation, the best solution is to install the standard SonarQube Scanner (requires a JVM).
[10:19:43]        Check it out at https://redirect.sonarsource.com/doc/install-configure-scanner.html

Hi,

I'd like to use the sonar-scanner via a gulpfile to scan my nodejs project. I get an error when the scanner tries to use the downloaded Windows zip in my user directory, because the name of that folder contains a space.

(executable will be saved in cache folder: C:\Users\My Name\.sonar\native-sonar-scanner)

The error:

'C:\Users\My' is not recognized as an internal or external command'

I've tried to change the default .sonar cache folder in the options json, but that doesn't seem to work. My options:

sonarqubeScanner({
    serverUrl: "https://sonarqube.com",
    options: {
        "sonar.projectName": "Node Project",
        "sonar.working.directory": "./.sonar",
        "sonar.sources": ".",
        "sonar.verbose": "true"
    }
}, callback);

This doesn't solve it. Any help? Thanks in advance.

I'm trying to run the Sonar task using customScanner. However, when I run the task it returns the following error: Failed to parse JSON in SONARQUBE_SCANNER_PARAMS environment variable.

I want to know if this is the correct setting when I want to run with the Local Sonar-Scanner:

const gulp = require('gulp');
const sonarqubeScanner = require('sonarqube-scanner').customScanner;
const conf = require('../conf/gulp.conf');

gulp.task('sonar', sonar);

function sonar(callback) {
  sonarqubeScanner({
    serverUrl : "https://mysonar.url.com.br/",
     options : {
      projectKey: 'myProject:name',
      projectName: 'name',
      projectVersion: '1.0.0.0',
      sources: 'src',
      language: 'js',
      sourceEncoding: 'UTF-8',
      exclusions:".tmp/**, dist/**, node_modules/**, bower_components/**",
      javascript: {
        lcov: {
          reportPath: 'results/lcov.info'
        }
      }
    }
  }, callback);
}

The only environment variable I set was the Sonar path: /opt/sonar-runner/bin. And I also created the sonar-project.properties file inside my directory project but the task never seems to get this file. I ran Sonar straight (without the task): sonar-scanner and it worked perfectly, but with the package it never works.

I did a lot of testing and I did not come up with a solution. Could you tell me what it could be? Thanks, so much!

Hello,

I am going to start setting up sonar analysis for a react app using jest as unit testing framework.
If I understand correctly, sonar-scanner-npm triggers sonar-analysis for the javascript project.. In my project, I also have non-js files.. e.g. .scss files. Will the sonar-analysis be triggered for all file extensions in project? I assume yes, because analysis will be run on SonarQube server.

I have another question.. About reporting jest test coverage to SonarQube: does sonar-scanner-npm cover that as well? or do I need to use a package like jest-sonar-reporter and then run sonar-scanner?

Thanks,
Kumar

For users on SonarCloud, the organization must be specified - which is not that obvious when reading the doc (see #10).

So:

• Let's add an "organization" parameter
• Let's better document this.

We are using SonarQube version 7.7 and when we try to use the 2.5 version of the sonar-scanner it throws this error in the logs:

"Error during SonarQube Scanner execution java.lang.IllegalStateException:
Unable to register extension fr.cnes.sonar.plugins.icode.check.ICodeSensor from plugin 'icode'"

If we go back to version 2.4 it works properly.

I have already sonar-scanner in my PATH so the binary name conflicts with this. Shouldn't it be sonarqube-scanner or is it meant as dropin replacement?

Otherwise this temp folder will grow infinitely

Hi.
I'm trying to run sonar for my project, but got this:

ERROR: Error during SonarQube Scanner execution
ERROR: Insufficient privileges

http://joxi.ru/52aYO83I4x03R2

Maybe it's due to typescript files?

You check in your scripts on which OS the sonarqube-scanner will be executed and you download the corresponding zip file with the scanner jar. The zip also contains a java version which is always used to start the scanner. The problem in my environment is that our Sonar server is running with SSL with a self signed certificate which leads to an error with the java version included in the zip. On the mirror where you download the archive a zip file also exists without an OS name which does not include a jre and uses the jre/jdk on the host system.

I need a flag or config possibility to use and download the archive which does not contain a jre.

• Add lint - eslint #30
• Continuous integration
  • Lint & export result to sonar
  • Unit test & export result to sonar
  • Coverage & export result to sonar
• support gulp & shell script

I really wanted to use sonarqube / sonarcloud. But unfortunately its pretty messy with looots of files. One case is

ERROR: Parse error at line 89 column 40:

79:     iconSize = [styles.icon_size_tablet];
80:     pictureSize = styles.picture_size_tablet;
81:   } else {
82:     iconSize = [styles.icon_size_phone];
83:     pictureSize = [styles.picture_size_phone];
84:   }
85:
86:   return (
87:     <View style={styles.container}>
88:       <CircleImage icon={props.icon} onlyImage={false} style={iconSize} iconStyle={pictureSize} />
89:       <View style={styles.textContainer, props.textContainerStyling}>
                                           ^
90:         <Text style={[styles.headline, props.textStyle]}>{props.title}</Text>
91:         {props.hasDescription
92:           ? <Text style={[styles.description, props.textStyle]}>{props.description}</Text>
93:           : null
94:         }
95:       </View>
96:     </View>
97:   );
98: };
99:

whats the issue there?

Hi,

I have docker image that runs sonar and i use sonarqube to analyze my typescript project.

I would like to use this in my CI Pipeline is there a way to show some summary report in the console?

const sonarqubeScanner = require('sonarqube-scanner');
sonarqubeScanner({
    serverUrl: 'http://localhost:9999',
    options: {
        'sonar.sources': '.',
        'sonar.inclusions': 'src/**' // Entry point of your code
    }
}, () => {});

Btw why do i get 0.0% coverage is this to do with tests?

It's currently named after the package name - which is not what I want.
In order to be consistent with all other scanners, the executable has to be named "sonar-scanner".

warning sonarqube-scanner > download > gulp-decompress > [email protected]: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5

See https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5

I've added sonar to my image: https://hub.docker.com/r/evryfs/node-dev-docker/tags/ (the sonar tag)
But even after that sonar-scanner fails to detect the tool and instead downloads it:

11:32:44 [scan] sonar-scanner
11:32:44 [scan] [10:32:44] Starting SonarQube analysis...
11:32:44 [scan] [10:32:44] Checking if executable exists: /home/node/.sonar/native-sonar-scanner/sonar-scanner-3.0.3.778-linux/bin/sonar-scanner
11:32:44 [scan] [10:32:44] Could not find executable in '/home/node/.sonar/native-sonar-scanner'.
11:32:44 [scan] [10:32:44] Proceed with download of the platform binaries for SonarQube Scanner...
11:32:44 [scan] [10:32:44] Creating /home/node/.sonar/native-sonar-scanner
11:32:44 [scan] [10:32:44] Downloading from https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.0.3.778-linux.zip
11:32:44 [scan] [10:32:44] (executable will be saved in cache folder: /home/node/.sonar/native-sonar-scanner)

Hi, @bellingard

I found that when I installed this package, npm warned me about security of slug dependency.

npm WARN notice [SECURITY] slug has the following vulnerability: 1. moderate, Go here for more details: https://nodesecurity.io/advisories/537 ...

Then, I cannot deploy my application due to quarantine error.

So, is there anyway to use some alternatives of slug ?

Thanks

Hi there,
Thanks a lot for this wrapper, its very handy! 👍

Could you please publish the latests version on NPM?
I'd like to use the mirror feature and its not available in the version available on NPM now (2.0.1).

Thanks! :)

Currently the install location is set to $HOME, would be great to set manually in order to play well in container based CI system, for caching mostly.

process.env.SONARQUBE_SCANNER_HOME || os.homedir()

• Add usage for cli user
  • extract report info from package.json #25
  • Update sonar.exclusions #24
  • Update parameter of API & CLI #23
  • analysis this module using npm scripts #21
  • compatible async API
• test for project stylelint/stylelint#2880

When running NPM audit this morning, there is a high vulnerability on this package, due to it's use of the 'download' and 'decompress' packages.

NPM says there is no solution to this vulnerability, and to just not use the decompress package:

https://npmjs.com/advisories/1217

JSON Output from NPM audit for the sonarqube-scanner module:

"1217": {
            "findings": [
                {
                    "version": "4.2.0",
                    "paths": [
                        "sonarqube-scanner>download>decompress"
                    ]
                }
            ],
            "id": 1217,
            "created": "2019-10-15T20:29:24.598Z",
            "updated": "2020-02-26T21:44:26.745Z",
            "deleted": null,
            "title": "Arbitrary File Write",
            "found_by": {
                "link": "https://www.arnflo.se",
                "name": "Oscar Arnflo",
                "email": ""
            },
            "reported_by": {
                "link": "https://www.arnflo.se",
                "name": "Oscar Arnflo",
                "email": ""
            },
            "module_name": "decompress",
            "cves": [],
            "vulnerable_versions": ">=0.0.0",
            "patched_versions": "<0.0.0",
            "overview": "All versions of `decompress` are vulnerable to Arbitrary File Write. The package fails to prevent extraction of files with relative paths, allowing attackers to write to any folder in the system by including filenames containing`../`.",
            "recommendation": "No fix is currently available. Consider using an alternative package until a fix is made available.",
            "references": "- [GitHub Issue](https://github.com/kevva/decompress/issues/71)",
            "access": "public",
            "severity": "high",
            "cwe": "CWE-59",
            "metadata": {
                "module_type": "",
                "exploitability": 5,
                "affected_components": ""
            },
            "url": "https://npmjs.com/advisories/1217"
        }

I normally work on Java back-end issues, so I don't normally work with gulp/npm.

We have a set of front-end projects along with our back-end builds. We recently upgraded our SonarQube installation from version 6.x to 7.9.1. At that point we found that the SonarQube scans in our front-end builds were failing. At one time we were using the obsolete "gulp-sonar" dependency, but we moved to this package, and now we're using the latest version, 2.5.0. We were told that we had to use the latest version of the underlying sonar-scanner, and we believe that this 2.5.0 version is using version 4.0.0 of that scanner, which is what we need.

However, when our front-end scans run, we see the following in the log:

java.lang.UnsatisfiedLinkError: no zip in java.library.path: [/usr/java/packages/lib, /usr/lib64, /lib64, /lib, /usr/lib]
 	at java.base/java.lang.ClassLoader.loadLibrary(Unknown Source)
 	at java.base/java.lang.Runtime.loadLibrary0(Unknown Source)
 	at java.base/java.lang.System.loadLibrary(Unknown Source)
 	at java.base/java.util.zip.ZipUtils.loadLibrary(Unknown Source)
 	at java.base/java.util.zip.Deflater.<clinit>(Unknown Source)
 	at java.base/java.util.zip.ZipOutputStream.<init>(Unknown Source)
 	at java.base/java.util.zip.ZipOutputStream.<init>(Unknown Source)
 	at org.sonar.api.utils.ZipUtils.zipDir(ZipUtils.java:179)
 	at org.sonar.scanner.report.ReportPublisher.generateReportFile(ReportPublisher.java:159)
 	at org.sonar.scanner.report.ReportPublisher.execute(ReportPublisher.java:138)
 	at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:366)
 	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
 	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
 	at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:141)
 	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
 	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
 	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:73)
 	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:67)
 	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
 	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
 	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
 	at com.sun.proxy.$Proxy0.execute(Unknown Source)
 	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:185)
 	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:137)
 	at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
 	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)

I'm not sure what might be wrong here.

To have a executable like "sonar-scanner"

Is it possible to specify a cache folder for the binary ?

In CI environments, this tool will always re-download the binary . And I'm not sure sharing /root/.sonar/ between all environments is a good idea .

Can you add an ENV to set this path ?pls

Is it possible to pass project key/name and version via the command line args rather than read from package.json?

The Scanner CLI has the correct default behaviour. So let's remove:

• the default project key
• the default project name
• the default project version

I'm using the latest version of both SQ and this scanner, but it's not picking up the version field from package.json and in SQ I get "unknown version".

If I put sonar.projectVersion in sonarqube.properties then it works, but having to maintain a redundant version field is error-prone.

Is the scanner supposed to pick up the version from package.json?

Note: I'm running the scanner from the command line.

See https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner

Hello,

We have a self hosted SonarQube server and the sonarqube-scanner in our JavaScript project. All worked fine untill we upgraded out network to use https. We thought we could solve this by installing our self issued certificate and but unfortunately this doesn't work.

We think we need to provide the certificate to the Java executable that this package is installing somewhere in your home directory. Can anyone guide us on how to solve this?

Thanks and kind regards.

Version 4.2.0.1873 is available in https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/.

Is it possible to upgrade sonar-scanner-npm with this new version?

We use our own certificates to connect to server.

Following error appears:
ERROR: SonarQube server [https://xxxx.xxx.xx] can not be reached

Everything works fine if I use Java-based Sonar Scanner (sonar-scanner-3.0.3.778-macosx) with custom sonar-scanner-3.0.3.778-macosx/jre/lib/security/cacerts file.

Tried to copy same cacerts file to JRE's security folder but no luck.

Can scanner utilized audit report and send to sonar?

Currently, if sonar-scanner is in the PATH, it is used. This is a problem in the following situation:

• Build is on Travis CI with the SonarQube Add-on
• The SonarQube Add-on installs by default a version of the SonaQube Scanner - but w/o any Java Runtime (it's up to the developer to use the correct Travis Environment)
• But JS developers typically use the "nodejs" environment that has no JRE

So by default the Scanner for JS should rely on the platform distributions.

When I try run as CLI,
https://github.com/gucong3000/sonar-scanner-npm/blob/npm_scripts/.travis.yml#L20

node dist/bin/sonar-scanner \
    "-Dsonar.organization=default" \
    "-Dsonar.projectName=SonarQube/SonarCloud Scanner for the JavaScript world" \
    "-Dsonar.sources=dist" \
    "-Dsonar.tests=specs" \
    "-Dsonar.javascript.lcov.reportPath=coverage/lcov.info" \
    "-Dsonar.genericcoverage.unitTestReportPaths=report/unittest.xml"

I got a Error:
https://travis-ci.org/gucong3000/sonar-scanner-npm/builds/272847904?utm_source=github_status

ERROR: Unrecognized option:  -Dsonar.projectName=SonarQube/SonarCloud Scanner for the JavaScript world
INFO: 
INFO: usage: sonar-scanner [options]
INFO: 
INFO: Options:
INFO:  -D,--define <arg>     Define property
INFO:  -h,--help             Display help information
INFO:  -v,--version          Display version information
INFO:  -X,--debug            Produce execution debug output

This bug was introduced in [email protected] it works in 2.0.2 and 2.1.0

the scanner running an analysis on a scoped module removed the '/' from the module key/name should be "@scope/module-name" but is "@scopemodule-name" and then it complains this is not a valid project or module key.

ERROR: Error during SonarQube Scanner execution
ERROR: Validation of project reactor failed:
  o "@scope/module-name" is not a valid project or module key. Allowed characters are alphanumeric, '-', '_', '.' and ':', with at least one non-digit.
ERROR: 
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
child_process.js:624
    throw err;
    ^

Getting below error. I know it such case I need to add certificate in java trust store but I don't know which java it is using, I did added in my JAVA_HOME trust store but still no luck.

ERROR: Unable to execute SonarQube
ERROR: Caused by: Fail to get bootstrap index from server
ERROR: Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ERROR: Caused by: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ERROR: Caused by: unable to find valid certification path to requested target
ERROR:
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.```

Attempting to run this in an alpine-node Docker image (java is not installed).

$ sonar-scanner -DbuildNumber=$CI_JOB_ID -Dsonar.host.url=$SONAR_HOST -Dsonar.login=$SONAR_LOGIN -Dsonar.password=$SONAR_PASSWORD -Dsonar.projectKey=$SONAR_PROJECT_KEY
[00:23:08] Starting SonarQube analysis...
[00:23:08] Checking if executable exists: /root/.sonar/native-sonar-scanner/sonar-scanner-3.3.0.1492-linux/bin/sonar-scanner
[00:23:08] Could not find executable in "/root/.sonar/native-sonar-scanner".
[00:23:08] Proceed with download of the platform binaries for SonarQube Scanner...
[00:23:08] Creating /root/.sonar/native-sonar-scanner
[00:23:08] Downloading from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.3.0.1492-linux.zip
[00:23:08] (executable will be saved in cache folder: /root/.sonar/native-sonar-scanner)

/root/.sonar/native-sonar-scanner/sonar-scanner-3.3.0.1492-linux/bin/sonar-scanner: exec: line 66: /root/.sonar/native-sonar-scanner/sonar-scanner-3.3.0.1492-linux/jre/bin/java: not found
ERROR: Job failed: exit code 127

Hello, recently we tried to use this library to integrate sonar scanner in our application we faced this problem:

1. We specify "sonarqube-scanner": "^2.1.2" in our package.json file
2. We run "npm install" in our Dockerfile and this the log infomation:
   
3. We go inside the container and follow the path specified "/root/.sonar/native-sonar-scanner/sonar-scanner-3.2.0.1227-linux/jre/bin/java" we found out that "java" is actually there, and we are so confused why it says it's not found just as the error logs shows above
   Can someone helps us point out the actual reason on this and possible solution to solve this issue? Would be much appreciated for any information:). Thanks.

Hi, I see you are working in sonarqube. can you please help me on this-

I have an angularjs project. the project has a Jenkinsfile(declarative pipeline) which can build the jenkinsjob when a push is done. I'm trying to include a sonarqube action here for static scan. Searched a lot for angular projects with my scenario. but most of the examples i checked have pom.xml file(cause they were either java related projects).

I have written a sonar-projects.properties in root and added all necessary item:

sonar.projectKey=apols:webproject
sonar.projectName=webproject
sonar.projectVersion=1.0.0
sonar.projectDescription=Static analysis for the AppName
sonar.sources=www
sonar.exclusions=**/node_modules/**,**/*.spec.ts,**/dist/**,**/docs/**,**/*.js,**/coverage/**
sonar.tests=www 
sonar.test.inclusions=**/*.spec.ts
sonar.ts.tslint.configPath=tslint.json
sonar.javascript.lcov.reportPaths=coverage/lcov.info
sonar.ts.coverage.lcovReportPath=coverage/lcov.info

My Jenkinsfile's sonar scan portion -

stage('Sonarqube') {
	 steps {
		container('maven') {
		    script {
			   withSonarQubeEnv('SonarQube') {
                  sh 'mvn clean package sonar:sonar'
			   }
			   timeout(time: 10, unit: 'MINUTES') {
		    	    waitForQualityGate abortPipeline: true
			   }
            }
		}
	 }
}

As you can see i'm using the maven container in jenkins.

When the jenkins job runs, when it executes this line in Jenkinsfile - sh 'mvn clean package sonar:sonar' , it checks for the pom.xml file and fails. So how can i point this to my sonar-projects.properties .

I'm not using maven for the project. I know we can set sonar-scanner from jenkins-job configuration. But In our work the client doesn't provide that from their side. But we can do anything from coding side. like in above case, the 'maven' container used is from jenkins.yaml file. So is it possible to have the 'sonar-scanner' container in jenkins.yaml file so that i can use it in jenkinsfile?

Please help

Hi

When trying to use the npm module on a sonarqube instance that is protected via basic authentication I'm supposed to set the sonar.login and sonar.password attributes in the options section of the gulpfile. However if the password has the $ symbol as part of it then execution of the sonar scan fails because it cuts off parameters passed to the java executable from the $ sign onwards, presumably because $ is a reserved value in scripting.

I'm running this on a MacBook Pro. Unfortunately we don't have any control over the password of the sonarqube instance, so we can't remove the $ symbol from it as its a valid character in a secure password

Thanks

Darrell

I'm integrating Sonar to my nodejs project and when I run gulp to execute sonar, I got following error:

[11:43:47] 'sonar' errored after 61 ms
[11:43:47] TypeError: Path must be a string. Received undefined
at assertPath (path.js:7:11)
at Object.join (path.js:468:7)
at getSonarQubeScannerExecutable (C:\Users\IBM_ADMIN\AR_Projects\ar-api\node_modules\sonarqube-scanner\dist\sonarqub
e-scanner-executable.js:58:30)
at scan (C:\Users\IBM_ADMIN\AR_Projects\ar-api\node_modules\sonarqube-scanner\dist\index.js:21:5)
at Gulp. (C:\Users\IBM_ADMIN\AR_Projects\ar-api\gulpfile.js:103:3)
at module.exports (C:\Users\IBM_ADMIN\AR_Projects\ar-api\node_modules\orchestrator\lib\runTask.js:34:7)
at Gulp.Orchestrator._runTask (C:\Users\IBM_ADMIN\AR_Projects\ar-api\node_modules\orchestrator\index.js:273:3)
at Gulp.Orchestrator._runStep (C:\Users\IBM_ADMIN\AR_Projects\ar-api\node_modules\orchestrator\index.js:214:10)
at Gulp.Orchestrator.start (C:\Users\IBM_ADMIN\AR_Projects\ar-api\node_modules\orchestrator\index.js:134:8)
at C:\Users\IBM_ADMIN\AppData\Roaming\npm\node_modules\gulp\bin\gulp.js:129:20

如题