We have a Sonatype report which does not show the dependency tree for our NPM build. The scanner follows dependencies to scan them, so why not display the tree? That would save me a LOT of time. The Sonatype UI is quite difficult, so I end up working the UI for a lot of teams. It seems that the developers don't use it much or they'd clean up a lot of the inconveniences.
This isn't really a Sonatype Lift issue; it's a problem / bug in the scanner V 144, but the pull-down doesn't offer a Sonatype entry. You don't offer "Bug" in the "type" pull-down.
Additionally, seeing this in .NET.
Hi all,
Thank you for taking the time to submit this idea. For clarification, you'd like the ability to see the dependency tree when you scan individual NPM packages outside of scanning the build manifest? I ask because with NPM, if the build manifest is supplied, the dependency tree is displayed. But I'm gathering from your usage and desire that you are either scanning components from Firewall, or ad hoc on an individual basis?
If that's the case I can absolutely see the value there. I've marked this as a future consideration so we can revisit it during our planning.
Thank you,
Dariush Griffin
Product Management - Lifecycle
NPM Dependency Tree would definitely be helpful. We cannot locate, sometimes at all, sometimes without significant effort, the included component.