From d3abcc7259420f4112154ec29a4102a7da9e2374 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Fri, 21 Oct 2022 07:13:53 -0400
Subject: [PATCH] fix #4972: do not add node_modules to the scan path or we will force a scan of yarn.lock
---
 .../org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index 154a0f6dde4..0524a1adb41 100644
--- a/maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -1594,6 +1594,7 @@ private ExceptionCollection collectDependencies(Engine engine, MavenProject proj
 mixedLangSet.addInclude("go.mod");
 mixedLangSet.addInclude("yarn.lock");
 mixedLangSet.addInclude("pnpm-lock.yaml");
+ mixedLangSet.addExclude("/node_modules/");
 } catch (IOException ex) {
 if (exCol == null) {
 exCol = new ExceptionCollection();
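Review bot: The new exclude `"/node_modules/"` is written with a leading slash while every include above it is a bare file name, and nothing in the hunk shows whether the file-set matcher treats that slash as anchoring to the base directory or as a literal that never matches a relative path. If the intent is to skip node_modules at any depth, `mixedLangSet.addExclude("**/node_modules/**");` states it unambiguously. Because this line narrows what a vulnerability scanner looks at, it deserves a comment recording the reason, for example `// skip node_modules: a yarn.lock found there forces the Yarn analysis (#4972)`. The diffstat shows no test change, so a regression case with a yarn.lock under node_modules would pin the behaviour. The try block and collectDependencies continue outside the hunk.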