Open milahu opened 2 years ago
good news, nodejs-lockfile-parser v1.53.0 has added pnpm support
so no more need for parse-package-lock (was never used in pnpm-install-only)
but we still need a fork of nodejs-lockfile-parser, to get resolved + integrity fields todo: update fork to v1.53.0
snyk-nodejs-lockfile-parser cannot parse pnpm lockfiles
workaround from github-actions-pnpm-snyk
see processPnpmLockfile.ts or processPnpmLockfile.js
via https://github.com/snyk/nodejs-lockfile-parser/issues/111
see also @pnpm/lockfile-walker