snyk / nodejs-lockfile-parser

Generate a Snyk dependency tree from package-lock.json or yarn.lock file

feat: npm-lock-v2 depgraph builder implementation #173

Closed JamesPatrickGill closed 1 year ago

JamesPatrickGill commented 1 year ago

This is a PR to add support for package-lock.json parsing for both lockfile versions 2 and 3. It follows the newer convention of a standalone parsing function for distinct lockfile parsing.

Additionally, it is true we currently support npm lock version 2 lockfiles, but this is due to a backwards compatibility consideration made by npm. This offers a new way to parse them - the same way we would parse npm lock version 3 files.
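
Added example, not part of the PR or of nodejs-lockfile-parser's code: one way to turn the `packages` map that lockfileVersion 2 and 3 files share into dependency edges, resolving each dependency by walking up nested `node_modules` paths so a nested copy (here `b@1.5.0` under `a`) is not confused with the hoisted one. The function names `resolveDep` and `buildGraph` and the sample lockfile are constructed for illustration.

```javascript
// Added example, not nodejs-lockfile-parser code; function names are hypothetical.
// Constructed sample in the lockfileVersion 3 layout (only a `packages` map).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', version: '1.0.0', dependencies: { a: '^1.0.0', b: '^2.0.0' } },
    'node_modules/a': { version: '1.2.0', dependencies: { b: '^1.0.0' } },
    'node_modules/a/node_modules/b': { version: '1.5.0' },
    'node_modules/b': { version: '2.1.0', dependencies: { c: '^3.0.0' } },
    'node_modules/c': { version: '3.0.1' },
  },
};

// Node-style lookup: own node_modules first, then each ancestor's, up to the top level.
function resolveDep(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + depName;
    if (packages[candidate]) return candidate;
    if (base === '') return null; // not installed anywhere on the lookup path
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Walk from the root entry ('') and record name@version edges.
function buildGraph(lock) {
  if (!(lock.lockfileVersion >= 2) || !lock.packages) {
    throw new Error('no "packages" map: not a lockfileVersion 2 or 3 file');
  }
  const idOf = (p) => {
    const e = lock.packages[p];
    // 13 === 'node_modules/'.length; keeps scoped names such as @scope/pkg intact.
    return (e.name || p.slice(p.lastIndexOf('node_modules/') + 13)) + '@' + e.version;
  };
  const edges = {}, missing = [], queue = [''], seen = new Set(['']);
  while (queue.length) {
    const path = queue.shift();
    const entry = lock.packages[path];
    const from = idOf(path);
    edges[from] = edges[from] || [];
    for (const dep of Object.keys({ ...entry.dependencies, ...entry.optionalDependencies })) {
      const target = resolveDep(lock.packages, path, dep);
      if (!target) { missing.push(dep + ' required by ' + from); continue; }
      edges[from].push(idOf(target));
      if (!seen.has(target)) { seen.add(target); queue.push(target); }
    }
  }
  return { edges, missing };
}
```

For the sample, `a@1.2.0` resolves to the nested `b@1.5.0` while the root resolves to the hoisted `b@2.1.0`, which is the distinction a vulnerability match against the tree depends on.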

snyksec commented 1 year ago

:tada: This PR is included in version 1.47.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket: