Add support for scanning dependencies in package.json #1453
Comments
|
As we already have a json parser, should we add support for package.json as an add-on for the json parser (as package.json at it's core is just "json"), or should we create a new parser which would specially deal with files named "package.json"? |
|
@XDRAGON2002 I have a working prototype function which scans the package.json file and extracts the packages and version numbers before finding the vendor. However there needs to be better product/vendor matching which #1504 is in the process of resolving. I think it needs to be separate to the json parser although I will look at this to see if can be used. |
|
That's great! |
anthonyharrison
added a commit
to anthonyharrison/cve-bin-tool
that referenced
this issue
Jan 25, 2022
anthonyharrison
added a commit
to anthonyharrison/cve-bin-tool
that referenced
this issue
Feb 7, 2022
anthonyharrison
added a commit
to anthonyharrison/cve-bin-tool
that referenced
this issue
Feb 7, 2022
anthonyharrison
added a commit
to anthonyharrison/cve-bin-tool
that referenced
this issue
Feb 7, 2022
anthonyharrison
added a commit
to anthonyharrison/cve-bin-tool
that referenced
this issue
Feb 8, 2022
anthonyharrison
added a commit
to anthonyharrison/cve-bin-tool
that referenced
this issue
Feb 8, 2022
anthonyharrison
added a commit
to anthonyharrison/cve-bin-tool
that referenced
this issue
Feb 8, 2022
anthonyharrison
added a commit
to anthonyharrison/cve-bin-tool
that referenced
this issue
Feb 13, 2022
terriko
pushed a commit
to terriko/cve-bin-tool
that referenced
this issue
Mar 9, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add support for javascript dependencies included in package.json.
File format is described in [https://docs.npmjs.com/cli/v8/configuring-npm/package-json#dependencies]
The text was updated successfully, but these errors were encountered: