JavaScript / TypeScript - NPM, Yarn and Bower

  • 12 January 2023

Debricked currently supports tracking JavaScript and TypeScript dependencies via:

  • NPM, using package.json and package-lock.json files

  • Yarn, using package.json and yarn.lock files

  • Bower, using bower.json files

We recommend committing the lock files in order to get the most accurate tracking, as they contain resolved versions of the direct and indirect dependencies. If you only commit the package.json file, we will update all dependencies to their latest available versions as defined by your version constraints.
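To see what a lock file adds over the manifest, the following added example (not Debricked's code) reads the packages map of a package-lock.json with lockfileVersion 2 or 3 and lists every resolved version as direct or indirect. The lock content, package names and function names are constructed for illustration.

```javascript
// Added example: what a package-lock.json (lockfileVersion 2 or 3) pins.
// SAMPLE_LOCK is constructed for illustration; names and versions are made up.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": {
      name: "demo-app",
      dependencies: { "web-lib": "^2.1.0" },
      devDependencies: { "@demo/lint": "~1.0.0" },
    },
    "node_modules/web-lib": { version: "2.3.4", dependencies: { "tiny-util": "^1.0.0" } },
    "node_modules/tiny-util": { version: "1.9.0" },
    "node_modules/@demo/lint": { version: "1.0.7", dev: true, dependencies: { "tiny-util": "^0.5.0" } },
    "node_modules/@demo/lint/node_modules/tiny-util": { version: "0.5.2", dev: true },
  },
};

const MARKER = "node_modules/";

// Returns one row per installed package: name, pinned version, direct or not.
function listResolved(lock) {
  if (!lock.packages) {
    throw new Error("no 'packages' map: lockfileVersion 1 files are not handled here");
  }
  const root = lock.packages[""] || {};
  const constraints = { ...root.dependencies, ...root.devDependencies, ...root.optionalDependencies };
  const rows = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    // Skip the root project, workspace folders and symlinked workspace entries.
    if (!path.includes(MARKER) || entry.link) continue;
    const name = path.slice(path.lastIndexOf(MARKER) + MARKER.length);
    // Direct only if installed at the top level and named in the root manifest.
    const direct = path === MARKER + name &&
      Object.prototype.hasOwnProperty.call(constraints, name);
    rows.push({ name, version: entry.version, direct, constraint: direct ? constraints[name] : null, path });
  }
  return rows;
}

// One line per package; indirect entries show where in the tree they sit.
function formatRows(rows) {
  return rows.map((r) => r.direct
    ? `direct   ${r.name}@${r.version} (manifest: ${r.constraint})`
    : `indirect ${r.name}@${r.version} (${r.path})`);
}

console.log(formatRows(listResolved(SAMPLE_LOCK)).join("\n"));
```

In the sample, tiny-util is installed at two versions, neither of which appears in package.json; only the lock file records them.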

If at least one of the supported files is committed to your repository, it will be automatically scanned for dependencies once you have set up any of our integrations in your CI/CD pipeline.

Bower

For the fastest and most accurate results, a file containing the resolved dependency tree has to be created prior to scanning. This can be done using the High Performance Scans technology in our Debricked CLI. When you run the resolve command, the CLI automatically detects all manifest files without the recommended bower.debricked.lock files and generates the files as needed.

Supported file formats and features:

Language: JavaScript, TypeScript

Package Manager and Supported File Formats:

  • Bower: bower.json

  • npm: package.json, package-lock.json

  • yarn: package.json, yarn.lock

Features: Root dependencies, Indirect dependencies, Dependency trees, Security Scanning, License Scanning, Root Fix, Pull Request

Have a look at the overview of all supported languages.

