Issues Overview

#30 | 1.4.4 | open | Do not scan node_modules directory when scanning for npm from NuGet
#26 | 1.4.4 | closed | Add YARN support for npm
#27 | 1.4.3 | closed | Scan for npm package-lock.json when scanning a NuGet solution/project
Hi, within Issue #25 you added support to scan for npm package-lock.json when scanning a NuGet solution. Unfortunately, we do not want parts of this behavior. I can't see a switch to control this behavior. If I call 'pgscan identify' on a solution, it automatically takes npm dependencies into account, even if I say the type is "nuget". Am I missing something here? Or is it not possible to control this? Further, all package-lock.json files are read recursively. Until now we were able to give pgscan a specific path to a specific package-lock.json. We don't want every file to be scanned. There doesn't seem to be a switch here either? So maybe adding a switch would be an option, which controls whether all package-lock.json files should be taken into account automatically or not. Or an additional parameter to give the specific path to the package-lock.json if one wants to do it in one call but with only one specific package-lock.json file. Let me know if I am missing something and what you think about these suggestions.
#25 | 1.4.2 | closed | Add support to scan for npm package-lock.json when scanning a NuGet solution/project
#23 | 1.4.2 | closed | FIX: identify command does not implement --consider-project-references parameter
#24 | 1.4.2 | closed | Add support to append dependencies to an existing release when using the identify command