0b6674edf5
FOSSA analysis by default checks for dependencies in the following order: 1. Parse output from `npm ls --json --production` - Runs if npm exists on the system and provides an accurate list of all dependencies needed to build the production project. 2. Parse `package.json` - Runs if `package.json` can be successfully parsed into a dependency graph. 3. Run yarn list --json - This command verifies through yarn what the actual dependencies which are installed on the system are. This strategy runs with `NODE_ENV=production` by default to find production dependencies. 4. Parse `yarn.lock` - Detects dependencies based on the yarn lockfile. 5. Parse `npm-shrinkwrap.json` - Detects dependencies based on the lockfile. 6. Parse `package-lock.json` - Detects dependencies based on the lockfile. Since our dependencies specified in `package.json` use compatible version matching (`^`), the reported version would often not be what the `yarn.lock` is currently specified to use. Because of this, we are defining a single module with a strategy on `yarn.lock`. Our `yarn.lock` file includes all dependencies. Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
16 lines
292 B
YAML
Executable file
16 lines
292 B
YAML
Executable file
# Generated by FOSSA CLI (https://github.com/fossas/fossa-cli)
|
|
# Visit https://fossa.com to learn more
|
|
|
|
version: 2
|
|
cli:
|
|
server: https://app.fossa.com
|
|
fetcher: custom
|
|
project: kibana
|
|
analyze:
|
|
modules:
|
|
- name: kibana
|
|
type: nodejs
|
|
strategy: yarn.lock
|
|
target: .
|
|
path: .
|