Debricked currently supports tracking JavaScript dependencies via:
- npm, using package.json and package-lock.json files
- Yarn, using package.json and yarn.lock files
- Bower, using bower.json files
We recommend committing the lock files in order to get the most accurate tracking, as they contain resolved versions of the direct and indirect dependencies. If you only commit the package.json file, we will update all dependencies to their latest available versions as defined by your version constraints.
For bower.json files, we will update all dependencies to their latest available versions as defined by your version constraints.
If at least one of the supported files is committed to your repository, it will be scanned for dependencies automatically once you have set up any of our integrations in your CI/CD pipeline.
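To show what a lock file adds over package.json alone, the following added example (not Debricked's code) lists the exact versions of direct and indirect dependencies recorded in a package-lock.json and flags declared dependencies the lock file does not cover. The manifest, lock file and package names are constructed, and it assumes npm's lockfileVersion 2/3 `packages` layout.

```javascript
// Constructed package.json: version constraints for direct dependencies only.
const manifest = {
  dependencies: { "alpha-http": "^4.18.0", "gamma-log": "~2.0.0" },
  devDependencies: { "delta-test": "^29.0.0" },
};
// Constructed package-lock.json, npm lockfileVersion 3 "packages" layout.
const lock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/alpha-http": { version: "4.18.2" },
    "node_modules/beta-parse": { version: "6.11.0" },
    "node_modules/alpha-http/node_modules/beta-parse": { version: "6.9.7" },
    "node_modules/delta-test": { version: "29.5.0", dev: true },
    "node_modules/@scope/eps-util": { version: "1.0.3" },
  },
};

const MARKER = "node_modules/";
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const declaredDeps = (m) => ({ ...m.dependencies, ...m.devDependencies });

// One entry per installed copy in the lock file, with its exact version.
function lockedInventory(manifest, lock) {
  const declared = declaredDeps(manifest);
  const entries = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.includes(MARKER)) continue; // root project or workspace entry
    const name = path.slice(path.lastIndexOf(MARKER) + MARKER.length);
    // Direct only when declared in package.json and installed at top level.
    const direct = path === MARKER + name && has(declared, name);
    entries.push({ name, version: meta.version, direct,
                   constraint: direct ? declared[name] : null, path });
  }
  return entries;
}

// Declared dependencies without a top-level lock entry: the lock is stale.
function missingFromLock(manifest, lock) {
  const packages = lock.packages || {};
  return Object.keys(declaredDeps(manifest))
    .filter((name) => !has(packages, MARKER + name));
}

for (const e of lockedInventory(manifest, lock)) {
  const kind = e.direct ? `direct (${e.constraint})` : "indirect";
  console.log(`${e.name}@${e.version}  ${kind}  ${e.path}`);
}
console.log("declared but not locked:", missingFromLock(manifest, lock));
```

The two `beta-parse` entries are the case a manifest-only scan cannot see: the same indirect dependency installed at two different versions.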
Supported file formats and features:
| Language | Package Manager | Supported File Formats | Root dependencies | Indirect dependencies | Dependency trees | Security Scanning | License Scanning | Root Fix | Pull Request |
|---|---|---|---|---|---|---|---|---|---|
| JavaScript | Bower | bower.json | ✓ | ✓ | ✓ | ✓ | ✓ | | |
| JavaScript | npm | package.json | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| JavaScript | npm | package-lock.json | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| JavaScript | yarn | package.json | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| JavaScript | yarn | yarn.lock | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Have a look at the overview of all supported languages.