Add pnpm audit support #445

Open
apazzolini opened this issue Sep 18, 2021 · 1 comment

Comments

@apazzolini

It would be great if salus supported pnpm in addition to npm and yarn. The output of pnpm audit --json is identical to NPM, so hopefully this is a simple request :)

One caveat to be aware of is that pnpm places the lockfile at the root of the repository in a monorepo/workspaces setup. For example:

package-a/
  package.json
package-b/
  package.json
package.json
pnpm-lock.yaml

If package-a had its own salus-config.yaml, and we were running the scanner with --repo_path=/some/path/to/package-a, the should_run check would need to recursively look upwards for the folder containing .git and see if pnpm-lock.yaml exists at the same level.
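The upward lockfile lookup described in the comment above, as an added example that is not part of the original issue and is not Salus code. The module and method names are hypothetical; it generalizes the described check slightly by accepting a lockfile at any level from the scanned path up to the directory containing `.git`, and it never searches above that directory, so a lockfile outside the repository is not picked up.

```ruby
require 'pathname'
require 'tmpdir'
require 'fileutils'

# Hypothetical helper (not Salus API): find the pnpm lockfile that governs
# repo_path without ever looking above the repository root.
module PnpmLockfileLocator
  LOCKFILE = 'pnpm-lock.yaml'.freeze

  # Returns the lockfile Pathname, or nil when none applies to repo_path.
  def self.find(repo_path)
    start = Pathname.new(repo_path).expand_path
    return nil unless start.directory?

    # ascend yields start, then each parent, ending at the filesystem root.
    start.ascend do |dir|
      candidate = dir + LOCKFILE
      return candidate if candidate.file?
      # Stop at the repository boundary. .git can be a directory or a file
      # (worktrees, submodules), so test for existence only.
      return nil if (dir + '.git').exist?
    end
    nil
  end

  def self.should_run?(repo_path)
    !find(repo_path).nil?
  end
end

# Constructed layout mirroring the monorepo example in the issue.
def demo_layout
  root = Dir.mktmpdir('pnpm-demo')
  FileUtils.mkdir_p(File.join(root, '.git'))
  FileUtils.mkdir_p(File.join(root, 'package-a'))
  FileUtils.touch(File.join(root, 'package.json'))
  FileUtils.touch(File.join(root, 'pnpm-lock.yaml'))
  FileUtils.touch(File.join(root, 'package-a', 'package.json'))
  root
end

if __FILE__ == $PROGRAM_NAME
  root = demo_layout
  scanned = File.join(root, 'package-a')
  puts "scanning #{scanned}"
  puts "lockfile: #{PnpmLockfileLocator.find(scanned).inspect}"
  FileUtils.remove_entry(root)
end
```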

@ghbren
Contributor

ghbren commented Nov 12, 2021

@apazzolini Apologies, we missed your message earlier, and thank you for describing the caveats.

Unfortunately, this will not be a very simple task. We most likely will not be able to look into pnpm until next year and we might not be able to support it.
