verdaccio: Npm Audit fails on semantic-release - cannot convert undefined or null to object

Describe the bug I have several projects moving to use semantic-release. We are seeing an npm audit issue specifically with semantic-release.

using: npm 6.4.1 node 8.12.0

npm install 
npm WARN audit Audit result from registry missing metadata. This is probably an issue with the registry.
up to date in 10.568s
npm ERR! Cannot convert undefined or null to object

This works if we change the repo’s .npmrc file to point to http://registry.npmjs.org/ or pass in --registry http://registry.npmjs.org/

To Reproduce Steps to reproduce the behavior:

1. Add semantic-release >15.8 and < 16 to a project’s package.json, and use verdaccio 3.8.1 as your registry in .npmrc file.
2. run npm install

Expected behavior Some non failure like:

audited 26507 packages in 10.488s
found 122 low severity vulnerabilities
  run `npm audit fix` to fix them, or `npm audit` for details

Docker || Kubernetes (please complete the following information):

• Docker verdaccio tag: verdaccio/verdaccio:3.8.1
• Docker commands [e.g. docker pull …] running in kubernetes, kubectl apply deployment.yml
• Docker Version [e.g. v18.05.0-ce-rc1] Docker version 1.13.1, build 092cba3

Debugging output

npm info lifecycle undefined~preshrinkwrap: undefined
npm timing audit compress Completed in 896ms
npm info audit Submitting payload of 70989bytes
npm info lifecycle undefined~shrinkwrap: undefined
npm verb shrinkwrap skipping write for package-lock.json because there were no changes.
npm info lifecycle undefined~postshrinkwrap: undefined
npm timing audit submit Completed in 2114ms
npm http fetch POST 200 https://VERDACCIO_URL.com/-/npm/v1/security/audits/quick 1947ms

npm timing audit body Completed in 1ms
npm WARN audit Audit result from registry missing metadata. This is probably an issue with the registry.
up to date in 11.489s
npm verb stack TypeError: Cannot convert undefined or null to object
npm verb stack     at Function.keys (<anonymous>)
npm verb stack     at summary (/usr/local/lib/node_modules/npm/node_modules/npm-audit-report/reporters/install.js:42:14)
npm verb stack     at Object.report [as install] (/usr/local/lib/node_modules/npm/node_modules/npm-audit-report/reporters/install.js:7:13)
npm verb stack     at Promise (/usr/local/lib/node_modules/npm/node_modules/npm-audit-report/index.js:20:46)
npm verb stack     at new Promise (<anonymous>)
npm verb stack     at report (/usr/local/lib/node_modules/npm/node_modules/npm-audit-report/index.js:19:10)
npm verb stack     at Object.printInstallReport (/usr/local/lib/node_modules/npm/lib/install/audit.js:100:10)
npm verb stack     at Installer.printInstalledForHuman (/usr/local/lib/node_modules/npm/lib/install.js:854:31)
npm verb stack     at Bluebird.try.then (/usr/local/lib/node_modules/npm/lib/install.js:778:19)
npm verb stack     at tryCatcher (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/util.js:16:23)
npm verb stack     at Promise._settlePromiseFromHandler (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:512:31)
npm verb stack     at Promise._settlePromise (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:569:18)
npm verb stack     at Promise._settlePromise0 (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:614:10)
npm verb stack     at Promise._settlePromises (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:693:18)
npm verb stack     at Async._drainQueue (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:133:16)
npm verb stack     at Async._drainQueues (/usr/local/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:143:10)
npm verb cwd REDACTED
npm verb Darwin 17.7.0
npm verb argv "/usr/local/bin/node" "/usr/local/bin/npm" "install" "--verbose"
npm verb node v8.12.0
npm verb npm  v6.4.1
npm ERR! Cannot convert undefined or null to object
npm verb exit [ 1, true ]
npm timing npm Completed in 11882ms

Additional context Add any other context about the problem here.