github.com/joey-fossa/fossa-cli@v0.7.34-0.20190708193710-569f1e8679f0/docs/integrations/nodejs.md

github.com/joey-fossa/fossa-cli@v0.7.34-0.20190708193710-569f1e8679f0/docs/integrations/nodejs.md (about)

     1  # Node.js
     2  
     3  ## Support
     4  
     5  Node.js support in FOSSA CLI depends on the following tools existing in your environment:
     6  
     7  - Node.js (defaults to `node`, configure with `$FOSSA_NODE_CMD`)
     8  - NPM (defaults to `npm`, configure with `$NPM_BINARY`)
     9  
    10  ## Configuration
    11     
    12  Automatic: Run `fossa init` to detect all `package.json` files in the file tree not located inside of a `node_modules` folder.
    13  
    14  Manual: Add a `nodejs` module with path and target set to the directory where the `package.json` file is located in your project.
    15  
    16  ```yaml
    17  analyze:
    18    modules:
    19      - name: your-nodejs-project
    20        type: nodejs
    21        path: .
    22        target: .
    23  ```
    24  
    25  ## Analysis
    26  
    27  Analysis for nodejs projects is executed a number of ways starting with the most accurate method and falling back to the least likely method to succeed as ordered:
    28  1. Parse output from `npm ls --json --production` - Runs if `npm` exists on the system and provides an accurate list of all dependencies needed to build the production project.
    29  2. Parse `package.json` - Runs if `package.json` can be successfully parsed into a dependency graph.
    30  3. Parse `yarn.lock` - Final strategy which detects dependencies based on the yarn lockfile.
    31  
    32  ## Known limitations
    33  
    34  - We assume that your Node packages are installed at `node_modules`. Currently we do not offer a way to read this directory to determine what packages are installed.