Add support for npm-shrinkwrap.json files #324
Comments
@jeremylong Any sign of shrinkwrap being supported? When DependencyCheck finds vulnerabilities in nested dependencies the only course of action in npm is to override them with shrinkwrap. (Unless you have come across another way?) Currently DependencyCheck doesn't support shrinkwraps and therefore continues to fail the tests. This is huge, and a major blocker to continued usage of DependencyCheck.
This was recently merged into the master branch (see #1006). We have not yet performed a release with this update; I'm hoping in about 1 week.
Great work, looking forward to the release! Thank you.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
In writing documentation for the new Node.js analyzer, I added a link to nsp. Reading that page, I noticed that nsp also handles a thing called an NPM shrinkwrap file, which seems akin to a Ruby Bundler Gemfile.lock file. It might be straightforward to extend D-C analysis to these files.