Scan for npm package-lock.json when scanning a NuGet solution/project
Created:
3/7/2023 9:33:40 AM by crotondo-dap
Status:
closed on 3/7/2023 11:08:25 AM
Last pulled:
3/7/2023 11:08:25 AM
Description:
Hi,
Within Issue #25 you added support to scan for npm package-lock.json when scanning a NuGet solution.
Unfortunately, we do not want parts of this behavior.
I can't see a switch to control this behavior. If I call 'pgscan identify' on a solution it automatically takes npm-dependencies into account, even if I say the type is "nuget". Am I missing something here? Or is it not possible to control this?
Further, all package-lock.json files are read recursively. Until now we were able to give pgscan a specific path to a specific package-lock.json. We don't want every file to be scanned. There doesn't seem to be a switch here either?
So maybe adding a switch would be an option - which controls if all package-lock.json files should be taken into account automatically or not. Or an additional parameter to give the specific path to the package-lock.json if one wants to do it in one call but with only one specific package-lock.json file.
Let me know if I am missing something and what you think about these suggestions.