github.com/joey-fossa/fossa-cli@v0.7.34-0.20190708193710-569f1e8679f0/docs/integrations/nodejs.md (about) 1 # Node.js 2 3 ## Support 4 5 Node.js support in FOSSA CLI depends on the following tools existing in your environment: 6 7 - Node.js (defaults to `node`, configure with `$FOSSA_NODE_CMD`) 8 - NPM (defaults to `npm`, configure with `$NPM_BINARY`) 9 10 ## Configuration 11 12 Automatic: Run `fossa init` to detect all `package.json` files in the file tree not located inside of a `node_modules` folder. 13 14 Manual: Add a `nodejs` module with path and target set to the directory where the `package.json` file is located in your project. 15 16 ```yaml 17 analyze: 18 modules: 19 - name: your-nodejs-project 20 type: nodejs 21 path: . 22 target: . 23 ``` 24 25 ## Analysis 26 27 Analysis for nodejs projects is executed a number of ways starting with the most accurate method and falling back to the least likely method to succeed as ordered: 28 1. Parse output from `npm ls --json --production` - Runs if `npm` exists on the system and provides an accurate list of all dependencies needed to build the production project. 29 2. Parse `package.json` - Runs if `package.json` can be successfully parsed into a dependency graph. 30 3. Parse `yarn.lock` - Final strategy which detects dependencies based on the yarn lockfile. 31 32 ## Known limitations 33 34 - We assume that your Node packages are installed at `node_modules`. Currently we do not offer a way to read this directory to determine what packages are installed.