It would be great if salus supported pnpm in addition to npm and yarn. The output of pnpm audit --json is identical to NPM, so hopefully this is a simple request :)
One caveat to be aware of is that pnpm places the lockfile at the root of the repository in a monorepo/workspaces setup. For example:
    package-a/
        package.json
    package-b/
        package.json
    package.json
    pnpm-lock.yaml
If package-a had its own salus-config.yaml, and we were running the scanner with --repo_path=/some/path/to/package-a, the should_run check would need to recursively look upwards for the folder containing .git and see if pnpm-lock.yaml exists at the same level.
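The upward lookup described in this request, as an added Ruby example that is not salus code and not from the issue author. The names `find_git_root`, `pnpm_lockfile_for`, `should_run_pnpm?` and `build_sample_monorepo` are hypothetical, and checking `repo_path` itself before walking upward is an assumption that goes beyond the case in the issue. The search stops at the directory holding `.git`, so a lockfile outside the repository is never used.

```ruby
require 'pathname'
require 'fileutils'
require 'tmpdir'

# Hypothetical helper: walk upward from repo_path and return the first
# directory that contains .git, or nil when no ancestor has one.
def find_git_root(repo_path)
  Pathname.new(repo_path).expand_path.ascend do |dir|
    # .git is a directory in a normal clone, a file in worktrees/submodules.
    return dir if dir.join('.git').exist?
  end
  nil
end

# Return the pnpm-lock.yaml that governs repo_path, or nil if there is none.
def pnpm_lockfile_for(repo_path)
  start = Pathname.new(repo_path).expand_path
  local = start.join('pnpm-lock.yaml')
  return local.to_s if local.file? # assumption: single-package repo case

  root = find_git_root(start)
  return nil if root.nil? # not inside a git repository: do not guess

  candidate = root.join('pnpm-lock.yaml')
  candidate.file? ? candidate.to_s : nil
end

# Shape of the should_run check the issue asks for (name is hypothetical).
def should_run_pnpm?(repo_path)
  !pnpm_lockfile_for(repo_path).nil?
end

# Constructed sample input: the monorepo layout shown in the issue.
def build_sample_monorepo(base)
  FileUtils.mkdir_p(File.join(base, '.git'))
  %w[package-a package-b].each do |pkg|
    FileUtils.mkdir_p(File.join(base, pkg))
    File.write(File.join(base, pkg, 'package.json'), '{}')
  end
  File.write(File.join(base, 'package.json'), '{}')
  File.write(File.join(base, 'pnpm-lock.yaml'), "# constructed sample\n")
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |base|
    build_sample_monorepo(base)
    puts pnpm_lockfile_for(File.join(base, 'package-a'))
  end
end
```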