Skip to content

Generate a Snyk dependency tree from package-lock.json or yarn.lock file

License

Notifications You must be signed in to change notification settings

snyk/nodejs-lockfile-parser

Repository files navigation

Snyk logo


Known Vulnerabilities

Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad hoc basis and as part of your CI (Build) system.

Snyk Node.js Lockfile Parser

This is a small utility package that parses lock file and returns either a dependency tree or a dependency graph. Dependency graphs are the more modern data type and we plan to migrate fully over.

Dep graph generation supported for:

  • package-lock.json (at Versions 2 and 3)
  • yarn.lock
  • pnpm-lock.yaml (lockfileVersion 5.x, 6.x and 9.x)

Legacy dep tree supported for:

  • package-lock.json
  • yarn 1 yarn.lock
  • yarn 2 yarn.lock