1. Home
  2. Language Support
  3. JavaScript – NPM, Yarn and Bower

JavaScript – NPM, Yarn and Bower

We support several ways of tracking JavaScript dependencies, by using NPM, Yarn or Bower.

For NPM and Yarn we support both package.json and package-lock.json/yarn.lock. However, we recommend you to commit one of the lock files in order to get the most accurate tracking. If you only commit your package.json file, we will resolve all dependencies to their latest available versions as defined by your version constraints.

In the case of Bower, we support the bower.json file. We will resolve all dependencies to their latest available versions as defined by your version constraints.

By keeping at lease one of the supported files committed to your repository, we will automatically scan it/them for dependencies when you have done any of our integrations to your CI/CD pipeline.

Updated on 2019-12-15

Was this article helpful?

Related Articles