Examples of excluding NPM dependencies

The following examples illustrate three different scenarios for excluding NPM dependencies. All these examples use the following directory structure:

./
 RootProjectDir
 innerSrcDir 
 node_modules
 innerProjectReferencedModule
 	 index.ts
 moduleNotReferencedByProject
	 index.ts
 innerProject.ts (contains import from innerProjectReferencedModule)
 node_modules
 projectReferencedModule
 index.ts
 moduleNotReferencedByProject
 index.ts
 projectMain.ts (contains import from projectReferencedModule)

Example 1

This example shows the files are translated with com.fortify.sca.exclude.unimported.node.modules set to false. In this case, com.fortify.sca.follow.imports and com.fortify.sca.exclude.unimported.node.modules are both set to true.

sourceanalyzer RootProjectDir/ -Dcom.fortify.sca.exclude.node.modules=false

The following files are included in the translation for Example 1:

./RootProjectDir/innerSrcDir/innerProject.ts
./RootProjectDir/innerSrcDir/node_modules/innerProjectReferencedModule/index.ts
./RootProjectDir/projectMain.ts
./RootProjectDir/node_modules/projectReferencedModule/index.ts

Example 2

This example shows that in addition to modules referenced by the project, modules found during resolution but not referenced by the project are also included in the translation.

sourceanalyzer RootProjectDir/ -Dcom.fortify.sca.exclude.unimported.node.modules=false

The following files are included in the translation for Example 2:

./RootProjectDir/innerSrcDir/innerProject.ts
./RootProjectDir/innerSrcDir/node_modules/innerProjectReferencedModule/index.ts
./RootProjectDir/innerSrcDir/node_modules/moduleNotReferencedByProject/index.ts
./RootProjectDir/projectMain.ts
./RootProjectDir/node_modules/projectReferencedModule/index.ts
./RootProjectDir/node_modules/moduleNotReferencedByProject/index.ts

Example 3

This example shows use of the -exclude option to exclude all files under any node_modules directory. The -exclude option overrides resolution of modules based on the configuration of the com.fortify.sca.follow.imports and com.fortify.sca.exclude.unimported.node.modules properties.

sourceanalyzer RootProjectDir/ -exclude "**/node_modules/*.*"

The following files are included in the translation for Example 3:

./RootProjectDir/innerSrcDir/innerProject.ts 
./RootProjectDir/projectMain.ts