Dependencycheck: Yarn install compatibility

Created on 15 Sep 2020 · 1 Comment · Source: jeremylong/DependencyCheck

Hi, I'm scanning a NodeJS project that has several package.json files in different folders. The developers use yarn for installing dependencies instead of npm, so after running the yarn command the package-lock files are not created (only the node_modules folder).
When I run Dependency Check I get an error message for each package.json in the project because it does not find the corresponding package-lock (that should be created after running npm).

Is there a way of not getting these exceptions in my report? I believe I'm still finding all the dependencies in the project. Yarn creates the node_modules folder and that's where D-Check finds them.

Please tell me if I'm correct. Thanks!

question

Most helpful comment

Hi,

I'm also using yarn and dep-check; you will have to convert yarn.lock into package-json.lock.
There's an npm package for this:

npm install -g synp   # or: yarn global add synp
synp --source-file yarn.lock
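
Added example, not part of the original thread: a shell helper that applies the synp conversion above to every folder holding a yarn.lock, for the multi-package layout described in the question. The function names and the SYNP_BIN variable are assumptions introduced here.

```shell
#!/bin/sh
# Added example: create package-lock.json beside every yarn.lock in a repo
# with several package.json folders, so each one has a lockfile to scan.
# SYNP_BIN is a variable introduced here; it defaults to the synp command.
SYNP_BIN=${SYNP_BIN:-synp}

# List directories under $1 that contain yarn.lock. node_modules is pruned
# so lockfiles shipped inside installed packages are not converted.
find_yarn_dirs() {
  find "$1" -type d -name node_modules -prune -o \
    -type f -name yarn.lock -print | sed 's|/yarn\.lock$||' | sort
}

# Convert each yarn.lock found under $1. Returns 1 if any folder could not
# be converted, so a CI job can stop instead of scanning a partial tree.
convert_yarn_locks() {
  status=0
  dirs=$(find_yarn_dirs "$1")
  while IFS= read -r dir; do
    [ -n "$dir" ] || continue
    if [ -f "$dir/package-lock.json" ]; then
      echo "skip  $dir (package-lock.json already present)"
    elif [ ! -d "$dir/node_modules" ]; then
      # synp reads the installed tree, so yarn install must have run here.
      echo "fail  $dir (no node_modules; run yarn install first)" >&2
      status=1
    elif (cd "$dir" && "$SYNP_BIN" --source-file yarn.lock >/dev/null); then
      echo "ok    $dir"
    else
      echo "fail  $dir (synp exited non-zero)" >&2
      status=1
    fi
  done <<EOF
$dirs
EOF
  return "$status"
}

# Usage: convert_yarn_locks /path/to/repo, then run Dependency-Check on it.
```

An existing package-lock.json is left untouched, so remove stale ones first if yarn.lock is the source of truth for the project.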
