/nodejs-lockfile-parser

Generate a Snyk dependency tree from package-lock.json or yarn.lock file

Primary LanguageTypeScriptOtherNOASSERTION

Snyk logo


Known Vulnerabilities

Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad hoc basis and as part of your CI (Build) system.

Snyk Node.js Lockfile Parser

This is a small utility package that parses lock file and returns either a dependency tree or a dependency graph. Dependency graphs are the more modern data type and we plan to migrate fully over.

Dep graph generation supported for:

  • package-lock.json (at Versions 2 and 3)
  • yarn.lock
  • pnpm-lock.yaml (lockfileVersion 5.x, 6.x and 9.x)

Legacy dep tree supported for:

  • package-lock.json
  • yarn 1 yarn.lock
  • yarn 2 yarn.lock