Examples of Excluding NPM Dependencies

The following examples illustrate three different scenarios for excluding NPM dependencies. All these examples use the following directory structure:

./
  RootProjectDir
    innerSrcDir           
      node_modules
        innerProjectReferencedModule
 	   index.ts
        moduleNotReferencedByProject
	   index.ts
      innerProject.ts (contains import from innerProjectReferencedModule)
    node_modules
      projectReferencedModule
        index.ts
      moduleNotReferencedByProject
        index.ts
    projectMain.ts (contains import from projectReferencedModule)

Example 1

This example shows the files are translated with the default behavior. In this case, com.fortify.sca.follow.imports and com.fortify.sca.exclude.unimported.node.modules are both set to true.

sourceanalyzer RootProjectDir/

The following files are included in the translation for Example 1:

./RootProjectDir/innerSrcDir/innerProject.ts
./RootProjectDir/innerSrcDir/node_modules/innerProjectReferencedModule/index.ts
./RootProjectDir/projectMain.ts
./RootProjectDir/node_modules/projectReferencedModule/index.ts

Example 2

This example shows that in addition to modules referenced by the project, modules found during resolution but not referenced by the project are also included in the translation.

sourceanalyzer RootProjectDir/ -Dcom.fortify.sca.exclude.unimported.node.modules=false

The following files are included in the translation for Example 2:

./RootProjectDir/innerSrcDir/innerProject.ts
./RootProjectDir/innerSrcDir/node_modules/innerProjectReferencedModule/index.ts
./RootProjectDir/innerSrcDir/node_modules/moduleNotReferencedByProject/index.ts
./RootProjectDir/projectMain.ts
./RootProjectDir/node_modules/projectReferencedModule/index.ts
./RootProjectDir/node_modules/moduleNotReferencedByProject/index.ts

Example 3

This example shows use of the -exclude option to exclude all files under any node_modules directory. The -exclude option overrides resolution of modules based on the configuration of the com.fortify.sca.follow.imports and com.fortify.sca.exclude.unimported.node.modules properties.

sourceanalyzer RootProjectDir/ -exclude "**/node_modules/*.*"

The following files are included in the translation for Example 3:

./RootProjectDir/innerSrcDir/innerProject.ts 
./RootProjectDir/projectMain.ts