Wrong location for the node_modules folder #5119

Closed
ngyl88 opened this issue Dec 6, 2022 · 1 comment

ngyl88 commented Dec 6, 2022

Describe the bug
The newly released dependency check docker image was unable to locate the node_modules folder, while the previous image works.

The problem is the same as mentioned by another user, #5116 (comment).

Version of dependency-check used
The problem occurs using version 7.4.0, running with the docker commands that were published on Docker Hub. The script file used is exactly the same as in previous successful runs.

Log file
With image tag 7.4.0,

[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[WARN] Unable to find node module: /src/node_modules/@ampproject/remapping/node_modules/@jridgewell/gen-mapping/package.json
[WARN] Unable to find node module: /src/node_modules/@ampproject/remapping/node_modules/@jridgewell/trace-mapping/package.json

Run with image tag 7.3.2,

[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Node.js Package Analyzer (23 seconds)
[INFO] Finished Dependency Merging Analyzer (2 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (9 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Node Audit Analyzer (0 seconds)
[INFO] Finished Yarn Audit Analyzer (1 seconds)
[INFO] Finished RetireJS Analyzer (59 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (22 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (33 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (155 seconds)

To Reproduce
Try to run the docker image to scan a NodeJS project with the script published in Docker Hub.

  1. Create a NodeJS module. The NodeJS and npm version shouldn't matter, but just in case, we try with a react app that is created with NodeJS 18.12.1, npm v8.
  2. Copy the script in https://hub.docker.com/r/owasp/dependency-check into ./bin/owasp-dependency-check-docker.
  3. Set DC_VERSION="7.4.0" and DC_VERSION="7.3.2".

npx create-react-app my-app-owasp-check
cd my-app-owasp-check

./bin/owasp-dependency-check-docker

Expected behavior
It should pass the node_modules resolution phase and start Node.js Package Analyzer.

Additional context
NA

ngyl88 added the bug label Dec 6, 2022
jeremylong added a commit that referenced this issue Dec 8, 2022

ngyl88 commented Dec 14, 2022

@jeremylong Thanks for the attempt to fix.

I tried with the docker image owasp/dependency-check:7.4.1, same steps as above. The same issues persist. I'm not sure about the effect of the line in commit 8c9b6a1, would you have an idea to share?

Logs generated:

[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[WARN] Unable to find node module: /src/node_modules/@ampproject/remapping/node_modules/@jridgewell/gen-mapping/package.json
[WARN] Unable to find node module: /src/node_modules/@ampproject/remapping/node_modules/@jridgewell/trace-mapping/package.json
[WARN] Unable to find node module: /src/node_modules/@babel/code-frame/node_modules/@babel/highlight/package.json
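
A CI-side check for the symptom reported in this thread, as an added example that is not part of the original issue or of the dependency-check project: it fails the job when the captured scan log shows unresolved node modules or lacks the Node.js Package Analyzer and completion lines, so an incomplete scan is not read as a clean one. The function names, file names and the step of capturing the scan log to a file are assumptions; the matched strings are the log lines quoted above.

```shell
# Added example, not dependency-check's own code. The matched log lines are
# the ones quoted in this issue; function and file names are assumptions.

# check_scan_log LOGFILE: return 0 only if the Node.js Package Analyzer
# finished, the analysis completed and no node module lookup failed.
check_scan_log() {
    log=$1
    [ -r "$log" ] || { echo "cannot read log: $log" >&2; return 1; }
    rc=0
    # grep -c prints 0 but exits 1 when nothing matches, hence "|| true".
    missing=$(grep -c -F '[WARN] Unable to find node module:' "$log" || true)
    if [ "$missing" -gt 0 ]; then
        echo "$missing node module lookup(s) failed" >&2
        rc=1
    fi
    for marker in 'Finished Node.js Package Analyzer' 'Analysis Complete'; do
        if ! grep -q -F "[INFO] $marker" "$log"; then
            echo "missing log line: [INFO] $marker" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Sample input: lines excerpted from the two logs in this issue.
write_sample_logs() {
    dir=$1
    cat > "$dir/failed.log" <<'EOF'
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[WARN] Unable to find node module: /src/node_modules/@ampproject/remapping/node_modules/@jridgewell/gen-mapping/package.json
[WARN] Unable to find node module: /src/node_modules/@ampproject/remapping/node_modules/@jridgewell/trace-mapping/package.json
EOF
    cat > "$dir/ok.log" <<'EOF'
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Node.js Package Analyzer (23 seconds)
[INFO] Analysis Complete (155 seconds)
EOF
}

# Demo: report each sample log.
tmp=$(mktemp -d)
write_sample_logs "$tmp"
for f in "$tmp/failed.log" "$tmp/ok.log"; do
    if check_scan_log "$f" 2>/dev/null; then echo "PASS ${f##*/}"; else echo "FAIL ${f##*/}"; fi
done
rm -rf "$tmp"
```
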
