yarn2 and node 8 support

snyk / nodejs-lockfile-parser

Generate a Snyk dependency tree from package-lock.json or yarn.lock file

Other

59 stars 28 forks source link

yarn2 and node 8 support #90

Closed patsplat closed 3 years ago

patsplat commented 3 years ago

Yarn 2 support was removed because Yarn 2 requires node>10

It is not necessary to depend on @yarnpkg/core to parse the lockfile. The Yarn 2 lockfile is yaml and should be parseable by yaml. The yaml dependency only requires node>6. It seems the main issue would be forking parseDescriptor and parseRange into nodejs-lockfile-parser.

What is the appetite for a PR modifying #85 to bring back yarn2 support in a way that also supports node 8?

abdulhannanali commented 3 years ago

Looks like this should be closed, since there's already Yarn v2 support

orsagie commented 3 years ago

Hi @patsplat, Sorry we never got back to you. We will do a better job of looking at issues on our repos in future.

We recently re-added Yarn2 support to the parser (soon to be done in CLI too: https://github.com/snyk/snyk/pull/1794) as node 8 support was discontinued for our CLI.