mirror of
https://github.com/elastic/kibana.git
synced 2025-04-23 17:28:26 -04:00
FOSSA analysis by default checks for dependencies in the following order:

1. Parse output from `npm ls --json --production` - Runs if npm exists on the system and provides an accurate list of all dependencies needed to build the production project.
2. Parse `package.json` - Runs if `package.json` can be successfully parsed into a dependency graph.
3. Run `yarn list --json` - This command verifies through yarn what the actual dependencies which are installed on the system are. This strategy runs with `NODE_ENV=production` by default to find production dependencies.
4. Parse `yarn.lock` - Detects dependencies based on the yarn lockfile.
5. Parse `npm-shrinkwrap.json` - Detects dependencies based on the lockfile.
6. Parse `package-lock.json` - Detects dependencies based on the lockfile.

Since our dependencies specified in `package.json` use compatible version matching (`^`), the reported version would often not be what the `yarn.lock` is currently specified to use. Because of this, we are defining a single module with a strategy on `yarn.lock`. Our `yarn.lock` file includes all dependencies.

Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
This commit is contained in:
parent
467b3bdb3d
commit
731f117b91
1 changed files with 15 additions and 0 deletions
15
.fossa.yml
Executable file
|
@ -0,0 +1,15 @@
|
|||
# Generated by FOSSA CLI (https://github.com/fossas/fossa-cli)
|
||||
# Visit https://fossa.com to learn more
|
||||
|
||||
version: 2
|
||||
cli:
|
||||
server: https://app.fossa.com
|
||||
fetcher: custom
|
||||
project: kibana
|
||||
analyze:
|
||||
modules:
|
||||
- name: kibana
|
||||
type: nodejs
|
||||
strategy: yarn.lock
|
||||
target: .
|
||||
path: .
|
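Review bot: the `strategy: yarn.lock` line has no comment explaining why the default detection order is overridden; the reason (caret ranges in `package.json` leading to reported versions that differ from what `yarn.lock` pins) exists only in the commit message. Add a short comment above that line, and mention there that, as the commit message states, `yarn.lock` includes all dependencies, so the module is not limited to production ones the way the `npm ls --production` and `NODE_ENV=production` strategies are. Separately, `.fossa.yml` is added as an executable file; a YAML config does not need the executable bit, so the mode should be cleared before merging.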