https://github.com/snyk/nodejs-lockfile-parser

Generate a Snyk dependency tree from package-lock.json or yarn.lock file
https://github.com/snyk/nodejs-lockfile-parser

cli-plugin node snyk snyk-io

Last synced: 10 months ago
JSON representation

Generate a Snyk dependency tree from package-lock.json or yarn.lock file

• Host: GitHub
• URL: https://github.com/snyk/nodejs-lockfile-parser
• Owner: snyk
• License: other
• Created: 2018-08-01T14:55:29.000Z (over 7 years ago)
• Default Branch: main
• Last Pushed: 2025-04-30T16:34:53.000Z (10 months ago)
• Last Synced: 2025-04-30T16:42:02.362Z (10 months ago)
• Topics: cli-plugin, node, snyk, snyk-io
• Language: TypeScript
• Homepage:
• Size: 8.83 MB
• Stars: 70
• Watchers: 99
• Forks: 29
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • Contributing: .github/CONTRIBUTING.md
  • License: LICENSE
  • Codeowners: .github/CODEOWNERS

Awesome Lists containing this project

README

          
![Snyk logo](https://snyk.io/style/asset/logo/snyk-print.svg)

---

[![Known Vulnerabilities](https://snyk.io/test/github/snyk/nodejs-lockfile-parser/badge.svg)](https://snyk.io/test/github/snyk/nodejs-lockfile-parser)

Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad hoc basis and as part of your CI (Build) system.

## Snyk Node.js Lockfile Parser

This is a small utility package that parses lock file and returns either a [dependency tree](https://github.com/snyk/nodejs-lockfile-parser/blob/1a495302089614205478d57611bf7c39d29ce66d/lib/parsers/index.ts#L51) or a [dependency graph](https://github.com/snyk/dep-graph). Dependency graphs are the more modern data type and we plan to migrate fully over.

Dep graph generation supported for:

- `package-lock.json` (at Versions 2 and 3)

- `yarn.lock`

- `pnpm-lock.yaml` (lockfileVersion 5.x, 6.x and 9.x)

Legacy dep tree supported for:

- `package-lock.json`

- yarn 1 `yarn.lock`

- yarn 2 `yarn.lock`