During server start the Juice Shop runs a series of self-validations and print feedback about their success to the console:
Juice Shop will resist to launch as long as any of these validations fail:
The following checks are run during server startup and can typically be fixed in a straightforward fashion when they fail:
|Validation error message||Typical solution|
||Repair the mentioned dependency file. When using an original tag release version or
||If you installed from sources re-run
||Install one of the officially supported Node.js versions 10.x, 12.x and 14.x. If you use a pre-packaged distribution, make sure its version matches your installed Node.js version.|
||Make sure you use a supported operating system. If you use a pre-packaged distribution, make sure you downloaded the one for your OS.|
||Make sure you use a supported processor architecture. If you use a pre-packaged distribution, make sure you downloaded the one for your processor.|
||If you installed from sources re-run
||Make sure the port you intend to run Juice Shop on is actually available or use another port by setting the
||Make sure that your customization complies with the schema of the YAML configuration file.|
||Make sure that each property
||Make sure no single product is associated with more than one property
If your installation did not even get to the point of running these
checks or all checks successfully pass with
(OK) but the application
still fails to start, please check the
Common support issues for possible hints to
solve your issue.
Common support issues
If (and only if) none of the hints below could help you resolve your issue, please ask for support in our official Gitter Chat. If you are sure to have found a bug in the Juice Shop itself please open a GitHub issue.
🛑 Please do not file questions or support requests on the GitHub issues tracker.
Node.js / NPM
- After changing to a different Node.js version it is a good idea to
npm_modulesand re-install all dependencies from scratch with
- If during
libxmljs2binaries cannot be downloaded for your system, the setup falls back to building from source with
node-gyp. Check the
node-gypinstallation instructions for additional tools you might need to install (e.g. Python 2.7, GCC, Visual C++ Build Tools etc.)
npm installruns into a
Unexpected end of JSON inputerror you might need to clean your NPM cache with
npm cache clean --forceand then try again.
npm installfails on Ubuntu with the pre-installed Node.js please install the latest release of Node.js 14.x from scratch and try again.
npm installon Linux runs into
WARN cannot run in wdproblems (e.g. during the frontend installation step) try running
npm install --unsafe-perminstead.
npm startfails with
Error: ENOENT: no such file or directory, copyfileyou might have had either an error already during
npm installor you pulled changes from GitHub but did not re-run
npm installafterwards. Make sure to check if the file to copy from exists on your disk and if the target folder for the copy is there.
- If using Docker Toolbox on Windows make sure that you also enable port
forwarding from Host
0.0.0.0:3000for TCP for the
defaultVM in VirtualBox.
- If all startup checks show
(OK)but you see
SequelizeDatabaseError: SQLITE_ERROR: no such table: <some table name>errors right afterwards, please check if the file
data/juiceshop.sqliteexists. If so just stop and restart your server and this suspected race condition issue shouid go away.
- Using the Vagrant script (on Windows) might not work while your virus scanner is running. This problem was experienced at least with F-Secure Internet Security.
- If you are missing the Login with Google button, you are running OWASP Juice Shop under an unrecognized URL. You can still solve the OAuth related challenge!
- If you want to manually make the OAuth integration work to get the
full user experience, create your own customization file and define
all properties in the
- If you notice that a challenge solution is not working, check on the Score Board if that challenge is one of the potentially dangerous ones which are by default disabled in Docker environments and shared platforms like Heroku.
- You may find it easier to find vulnerabilities using a pen test tool. We strongly recommend Zed Attack Proxy which is open source and very powerful, yet beginner friendly.