sonarqube-licensecheck
NPM utilize package-lock.json or yarn.lock for packages if node_modules not present
Had a tough time getting this plugin to work since we don't scan our code base with sonarqube with node_modules present. Our other license scanner uses package-lock.json or yarn.lock, and I was hoping this one would do the same.
Workaround: make sure `npm ci` or `yarn install` was called prior to running sonar-scanner.