Audit this application using Nexus IQ Server

--application, -a Specify IQ application public ID
--timeout, -t Specify an optional timeout in seconds for IQ Server
--password, -p Specify password for request [default: "
--dev, -d Include Development Dependencies

AuditJS usage with IQ Server, and what to expect

TL;DR

AuditJS should catch most if not the exact same amount of issues as the Sonatype Nexus IQ CLI Scanner. If you want total visibility, please use the Sonatype Nexus IQ CLI Scanner.

The full scoop

AuditJS functions by traversing your node_modules folder in your project, so it will pick up the dependencies that are physically installed. This will capture your declared as well as transitive dependencies. Once it has done this, it takes the list and converts it into something that we use to communicate with Sonatype Nexus IQ Server.

The crux of this approach is that we do "coordinate" or "name based matching", which we've found to be reliable in the JavaScript ecosystem, but it will not catch corner cases such as if you've: