debricked / cli

Debricked's command line interface. It brings open source security, compliance and health to your project via the command prompt.
MIT License

Proposal for Extending CLI Arguments for Customization #279

Open topikachu opened 1 week ago

topikachu commented 1 week ago

In our project, we often require additional arguments to customize the behavior of the package tool commands. For example:

To streamline this, I propose adding new CLI arguments such as --npm-args, --mvn-args, and similar options for other tools (like Yarn). This would allow users to specify custom arguments for different tools directly in the CLI.

If this approach sounds reasonable, I'd be happy to contribute an implementation that supports these options for npm, mvn, and yarn.

Let me know your thoughts!

CarlTern commented 4 days ago

Hi topikachu, thank you for sharing your ideas on CLI argument extensions.

The 'resolve' command was designed to be a quick and simple way of automatically ensuring that you have all lock files within your repository generated prior to scanning with Debricked.

We have not focused on adding support for more advanced use cases since the command by default does not overwrite any existing lock files and we wanted to keep it as simple as possible with "sane defaults". If one requires specific arguments to be passed during resolution, it is therefore possible to run the commands on their own before running 'debricked resolve'.

If you would like to resolve manually, the exact way default resolution is being done in the command can be found in the READMEs in each package manager's folder here https://github.com/debricked/cli/tree/main/internal/resolution/pm.

To get some background for this particular issue, is the reason behind it to reduce the amount of commands that have to be run prior to a scan, or were you unaware of the default non-override behaviour of the ‘resolve’ command?
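One way to do what the reply above suggests, generating lock files by hand with custom package-manager arguments and then letting the CLI fill in whatever is still missing. This is an added example, not code from the debricked project or from either commenter. It assumes lock files are generated with `npm install --package-lock-only` and `mvn dependency:tree -DoutputFile=maven.debricked.lock`, and that it should mirror the 'resolve' default of never overwriting an existing lock file; the actual commands and file names the CLI uses are documented in the per-package-manager READMEs linked in the reply, so check those before relying on the ones here.

```shell
#!/bin/sh
# Added example (not the debricked project's own code). Generates lock files
# with user-supplied package-manager arguments, skipping any directory that
# already has one (the same non-override default as 'debricked resolve'),
# then hands off to the CLI. The npm and mvn invocations and the
# maven.debricked.lock file name are this example's assumptions.
set -eu

# Extra arguments to pass through to each tool, e.g.
#   NPM_ARGS="--legacy-peer-deps" MVN_ARGS="-Pprod" sh resolve-custom.sh --run
NPM_ARGS="${NPM_ARGS:-}"
MVN_ARGS="${MVN_ARGS:-}"
DRY_RUN="${DRY_RUN:-0}"   # 1 = print the command instead of running it

run() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "$*"
  else
    "$@"
  fi
}

# Generate package-lock.json in $1 unless one already exists.
# Prints "skip" when the lock file is left untouched.
resolve_npm() {
  dir=$1
  if [ -f "$dir/package-lock.json" ]; then
    echo "skip"
    return 0
  fi
  # --package-lock-only writes the lock file without installing node_modules.
  # $NPM_ARGS is intentionally unquoted so it splits into separate arguments.
  (cd "$dir" && run npm install --package-lock-only $NPM_ARGS)
}

# Generate maven.debricked.lock in $1 unless one already exists (assumed name).
resolve_mvn() {
  dir=$1
  if [ -f "$dir/maven.debricked.lock" ]; then
    echo "skip"
    return 0
  fi
  (cd "$dir" && run mvn dependency:tree -DoutputFile=maven.debricked.lock $MVN_ARGS)
}

# Walk the repository, resolve with custom arguments, then let the CLI
# generate anything still missing (it will not overwrite what we produced).
main() {
  find . -name package.json -not -path '*/node_modules/*' | while read -r f; do
    resolve_npm "$(dirname "$f")"
  done
  find . -name pom.xml | while read -r f; do
    resolve_mvn "$(dirname "$f")"
  done
  run debricked resolve
}

# Only run the walk when invoked explicitly, so the functions can be sourced.
if [ "${1:-}" = "--run" ]; then
  main
fi
```

Run it from the repository root as `NPM_ARGS="--legacy-peer-deps" sh resolve-custom.sh --run`; set `DRY_RUN=1` first to see the exact commands it would execute without touching anything.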