"jf audit" for pnpm project scan did not support monorepo #283

Open
liwei2151284 opened this issue Jan 8, 2025 · 0 comments
Labels
bug Something isn't working

Comments

@liwei2151284

Describe the bug

The "jf audit" for pnpm project scan does not support monorepos. It can only scan the dependencies in the root directory and cannot recognize dependencies under other packages.

After reviewing the code, it appears that this limitation is due to the fact that the pnpm ls command does not support the -r or --filter parameters, so it is unable to resolve all dependency information.

Current behavior

It can only scan the dependencies in the root directory and cannot recognize dependencies under other packages.

Reproduction steps

git clone https://github.com/astonishqft/pnpm-monorepo-demo.git
cd pnpm-monorepo-demo
pnpm install
pnpm ls
pnpm ls -r
jf audit --pnpm=true

Expected behavior

It is necessary to scan for vulnerabilities in all packages.

JFrog CLI-Security version

2.73.0

JFrog CLI version (if applicable)

No response

Operating system type and version

Ubuntu 22.04

JFrog Xray version

JFrog Cloud SaaS

@liwei2151284 liwei2151284 added the bug Something isn't working label Jan 8, 2025
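
Added example (not part of the original issue and not JFrog CLI code): a JavaScript check that compares the root-only listing from `pnpm ls --json` with the workspace-wide listing from `pnpm ls -r --json` and reports the packages a root-only scan never sees. The sample data is constructed, and the field layout (`dependencies`, `devDependencies`, `version`, `link:` versions for workspace packages) is an assumption about pnpm's JSON output.

```javascript
// Constructed sample: shape of `pnpm ls --json` (root only) for a two-package workspace.
const rootOnly = [
  { name: "monorepo-root", path: "/repo", devDependencies: { typescript: { version: "5.4.5" } } },
];
// Constructed sample: shape of `pnpm ls -r --json` for the same workspace.
const recursive = [
  rootOnly[0],
  { name: "@demo/web", path: "/repo/packages/web",
    dependencies: {
      "@demo/utils": { version: "link:../utils" },
      express: { version: "4.17.1", dependencies: { qs: { version: "6.7.0" } } },
    } },
  { name: "@demo/utils", path: "/repo/packages/utils",
    dependencies: { lodash: { version: "4.17.20" } },
    devDependencies: { typescript: { version: "5.4.5" } } },
];

const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

// Walk one project (or dependency node) and record every name@version under it.
function collect(node, owner, seen) {
  for (const section of SECTIONS) {
    for (const [name, dep] of Object.entries(node[section] || {})) {
      if (String(dep.version).startsWith("link:")) continue; // workspace link, not a registry package
      const id = `${name}@${dep.version}`;
      if (!seen.has(id)) seen.set(id, new Set());
      seen.get(id).add(owner);
      collect(dep, owner, seen); // transitive dependencies
    }
  }
  return seen;
}

// Map of name@version -> workspace projects that pull it in.
function inventory(projects) {
  const seen = new Map();
  for (const p of projects) collect(p, p.name || p.path, seen);
  return seen;
}

// Packages present in the recursive listing but absent from the root-only listing.
function unscanned(rootProjects, allProjects) {
  const covered = inventory(rootProjects);
  return [...inventory(allProjects)]
    .filter(([id]) => !covered.has(id))
    .map(([id, owners]) => ({ id, owners: [...owners].sort() }))
    .sort((a, b) => a.id.localeCompare(b.id));
}

console.log(unscanned(rootOnly, recursive));
```

On a real workspace, replace the two sample arrays with the parsed output of the two commands run with `--depth Infinity`; a non-empty result is the set of packages that an audit of the root project alone would not cover.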