container: npm/yarn scan without a lockfile UNIFY-68

package.json

@@ -116,7 +116,7 @@
     "semver": "^6.0.0",
     "snyk-config": "^5.0.0",
     "snyk-cpp-plugin": "2.24.0",
-    "snyk-docker-plugin": "6.11.1",
+    "snyk-docker-plugin": "6.12.0",
     "snyk-go-plugin": "1.23.0",
     "snyk-gradle-plugin": "4.1.0",
     "snyk-module": "3.1.0",

test/jest/acceptance/snyk-container/container.spec.ts

@@ -117,6 +117,42 @@ describe('snyk container', () => {
       await expect(cli).toDisplay(`yum @ 4.9.0`, { timeout: 60 * 1000 });
     });
 
+    it('npm depGraph is generated in an npm image with lockfiles', async () => {
+      const { code, stdout, stderr } = await runSnykCLIWithDebug(
+        `container test docker-archive:test/fixtures/container-projects/npm7-with-package-lock-file.tar --print-deps`,
+      );
+
+      assertCliExitCode(code, 1, stderr);
+      expect(stdout).toContain('Package manager:   npm');
+    });
+
+    it('npm depGraph is generated in an npm image without package-lock.json file', async () => {
+      const { code, stdout, stderr } = await runSnykCLIWithDebug(
+        `container test docker-archive:test/fixtures/container-projects/npm7-without-package-lock-file.tar --print-deps`,
+      );
+
+      assertCliExitCode(code, 1, stderr);
+      expect(stdout).toContain('Package manager:   npm');
+    });
+
+    it('npm depGraph is generated in an npm image without package-lock.json and package.json file', async () => {
+      const { code, stdout, stderr } = await runSnykCLIWithDebug(
+        `container test docker-archive:test/fixtures/container-projects/npm7-without-package-and-lock-file.tar --print-deps`,
+      );
+
+      assertCliExitCode(code, 1, stderr);
+      expect(stdout).toContain('Package manager:   npm');
+    });
+
+    it('npm depGraph is generated in an npm image with lockfiles image', async () => {
+      const { code, stdout, stderr } = await runSnykCLIWithDebug(
+        `container test docker-archive:test/fixtures/container-projects/npm7-without-package-lock-file.tar --print-deps`,
+      );
+
+      assertCliExitCode(code, 1, stderr);
+      expect(stdout).toContain('Package manager:   npm');
+    });
+
     it('finds dependencies in oci image (library/ubuntu)', async () => {
       cli = await startSnykCLI(
         'container test library/ubuntu@sha256:7a57c69fe1e9d5b97c5fe649849e79f2cfc3bf11d10bbd5218b4eb61716aebe6 --print-deps',

test/jest/acceptance/snyk-test/app-vuln-container-project.spec.ts

@@ -44,12 +44,29 @@ describe('container test projects behavior with --app-vulns, --file and --exclud
     );
     const jsonOutput = JSON.parse(stdout);
     expect(Array.isArray(jsonOutput)).toBeFalsy();
-    expect(jsonOutput.applications).toBeUndefined();
     expect(jsonOutput.ok).toEqual(false);
     expect(jsonOutput.uniqueCount).toBeGreaterThan(0);
     expect(code).toEqual(1);
   }, 30000);
 
+  it('should find vulns on an npm project application image without package-lock.json file', async () => {
+    const { code, stdout } = await runSnykCLI(
+      `container test docker-archive:test/fixtures/container-projects/npm7-without-package-lock-file.tar --json --app-vulns`,
+    );
+    const jsonOutput = JSON.parse(stdout);
+    expect(Array.isArray(jsonOutput)).toBeFalsy();
+    expect(jsonOutput.uniqueCount).toBeGreaterThan(0);
+    expect(code).toEqual(1);
+  }, 60000);
+
+  it('should find vulns on an npm project application image without package.json and package-lock.json file', async () => {
+    const { code, stdout } = await runSnykCLI(
+      `container test docker-archive:test/fixtures/container-projects/npm7-without-package-and-lock-file.tar --print-deps --app-vulns`,
+    );
+    expect(code).toEqual(1);
+    expect(stdout).toContain('Package manager:   npm');
+  }, 60000);
+
   it('should show app vulns tip when available', async () => {
     const { stdout } = await runSnykCLI(
       `container test docker-archive:test/fixtures/container-projects/os-packages-and-app-vulns.tar`,