Skip to content


Repository files navigation

TrustSource ts-node-client

Version Downloads Downloads Apache-2.0 License

npm package

TrustSource node client - node module to transfer dependency information to TrustSource server.

Release 3.4.0

Migrated to TrustSource API v2

Release 3.2.0

Package now support package-lock.json v.3

Release 3.1.0

Package now support yarn v.2+

Release 3.0.0

Package now is not including npm anymore. The addition has been done due to missing programmatic API in npm >= 8.0.0 and in order to skip deprecated dependencies

This change affects the structure of scans slightly, but it heavily improves the scanner.


  • node >= 12.0.0 use ts-node-client@3.1.+*

Older versions

  • node >= 8.9.0
  • npm < 8.0.0 use ts-node-client@1.*
  • npm >= 8.0.0 use ts-node-client@2.*


Run: npm install --save-dev ts-node-client or yarn add --dev ts-node-client

You can add install_and_scan script to the package.json file to install and transfer dependency information using one command npm run install_and_scan:

"scripts": {
  "install_and_scan": "npm install && ts-node-client -k apiKey -p Project"

To store your credentials for automated transfer you may create .tsrc.json in your project directory or in your home directory to set credentials globally (not recommended!)

.tsrc.json example:

  "apiKey": "apiKey",
  "url": "",
  "project": "Project Description"


You also may initiate transfer to TrustSource server manually by executing following command via terminal:

node_modules/.bin/ts-node-client -k apiKey -p Project --breakOnWarnings false --breakOnViolations true
node_modules/.bin/ts-node-client -c config.json 
npm / node module to transfer dependency information to TrustSource server.

  --apiKey, -k    apiKey                                             [default: null]
  --project, -p   Project name                                       [default: null]
  --branch, -b    Scan branch                                        [default: null]
  --tag, -t       Scan tag                                           [default: null]
  --binaryLinks   Binary links separated by comma                    [default: null]
  --url           url                                                [default: null]
  --config, -c    Config path                                        [default: null]
  --proxy         Proxy url like 'https://user:password@host:port'   [default: null]
  --version       Prints a version                                   [default: null]
  --saveAs, -o              Save as file (file name prefix)          [default: null]
  --saveAsFormat, -f      Save as format (scan / cydx / spdx)       [default: null]
  --debug                                                            [default: null]
  --simulate                                                         [default: null]
  --includeDevDependencies                                           [default: null]
  --meteor                                                           [default: null]
  --breakOnWarnings                                                  [default: null]
  --breakOnViolations                                                [default: null]
  --help          Prints a usage statement                           [boolean]

PLEASE NOTE: if you want to pass param into function you should add value, for example:

--breakOnViolations true or --saveAs sbom

Software bill of materials

View SBOM TrustSource

Known problems

Error: The programmatic API was removed in npm v8.0.0

You should upgrade to 2.* versions of ts-node-client

Changelog available inside

[DEPRECATED] Changelog


  • cli -> package-lock.json parse
  • npm removed
  • updated dependencies


  • Migrate 1.6.* - 1.8.* changes to version 2.1
  • Bump dependencies


  • Support new scan tool and fix problem with programmatic API for >= npm@8.0.0
  • Stop usage of global-npm until we find new resolution
  • Get back npm as local dependency


  • SBOM
  • --saveAs and --saveAsFormat
  • Bump minimist from 1.2.5 to 1.2.6
  • Bump urijs from 1.19.10 to 1.19.11
  • replace packageurl-js with simple local function
  • improve docs


  • request -> axios
  • fix dependencies
  • doc fixes


  • --breakOnWarnings and --breakOnViolations
  • Bump devDependencies


  • Describe Error: The programmatic API was removed in npm v8.0.0
  • Bump devDependencies
  • Introduce sonarjs


  • Bump glob-parent from 5.1.1 to 5.1.2
  • Bump path-parse from 1.0.6 to 1.0.7
  • Bump lodash from 4.17.19 to 4.17.21
  • Bump y18n from 4.0.0 to 4.0.1
  • Added:
    • option --includeDevDependencies. It is allow to scan dev dependencies


  • Use global-npm (meaning npm is no longer a dependency of ts-node-client)


  • Added:
    • option --brakeOnViolations. It is fail build in case any violations after scan transferred.
    • option --brakeOnWarnings. It is fail build in case any warning after scan transferred.


  • userName is not required param for scans
  • Support usage of scan meta param binaryLinks inside Options definition


  • Node JS and dependencies updates "node": ">= 8.12.0"


  • Improve variable usage and tasks migration
  • Support usage of scan meta params: branch and tag inside Options definition
  • Skip npmDependency without names
  • Update travis config
  • Update dependency to resolve vulnerabilities


  • Added proxy support and config
  • Update travis config
  • Updated with
  • Updated default url to
  • Added windows support
  • Fixed json
  • Removed:
    • options: --credentials and --credentialsFile instead you should use --config.
    • option --baseUrl instead you should use --url.
  • Added:
    • option --config. It is similar to credentials, but it will contain any config information.
    • option --url. It is similar to baseUrl.
    • option --apiKey and --userName so it will be unnecessary to create .tsrc.json file.
    • options --version and --help.
    • options shortcut.

