feat: multi-folder scan for monorepos with no root lockfile #497
Open
sonukapoor wants to merge 11 commits into
Replace dynamic await import() calls for hasRootLockfile, findNestedLockfiles, and handleMultiFolderScan with static top-level imports, consistent with the rest of the file. Update cli-integration.test.ts to mock the new statically imported modules so Jest resolves them correctly.
…n multi-folder report
Closes #496
When `cve-lite .` is run from a directory with no root lockfile but 2 or more nested lockfiles, the tool now automatically scans all nested packages and presents results grouped by subfolder.

What changed

- `src/index.ts` — activates multi-folder mode when no root lockfile exists and 2+ nested lockfiles are found; falls through to the existing single-folder path otherwise
- `src/parsers/multi-package.ts` — `findNestedLockfiles` walks subdirectories and stops recursing when a lockfile is found (prevents double-counting), `loadMultiplePackages` returns one `ScanInput` per subfolder
- `src/scan/multi-folder-scan.ts` — orchestrates the existing scan pipeline once per folder; handles `--json`, `--report`, `--fail-on`, and unsupported flag messages for `--fix` / `--sarif` / `--cdx`
- `src/output/multi-folder-printer.ts` — terminal output with a folder header per result, compact and verbose modes both supported, fix commands prefixed with `cd subfolder &&`
- `src/output/multi-folder-html-reporter.ts` — single HTML report with collapsible folder sections using the same `<details>` / `<summary>` arrow pattern and design as the existing report
- `src/remediation/fix-commands.ts` — new `subfolder` option prefixes all generated commands with `cd subfolder &&`
- `examples/no-root-package/` — test fixture with `sessionManager/` (axios@1.7.7) and `apiServer/` (lodash@4.17.20), no root `package.json`

Single-folder scans, workspace scans, and all existing examples are unaffected.
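The discovery and activation rules described above, as an added example that is not code from this pull request. The names `findNestedLockfileDirs`, `shouldUseMultiFolderMode` and `buildFixture`, the lockfile names, the skip list, the depth bound and the choice not to follow symlinks are assumptions made for illustration.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Assumed names: the PR text does not list which lockfiles the tool recognises.
const LOCKFILES = ["package-lock.json", "yarn.lock", "pnpm-lock.yaml"];
// Assumed skip list: installed dependencies and VCS metadata are never scan roots.
const SKIP_DIRS = new Set(["node_modules", ".git"]);

function hasLockfile(dir: string): boolean {
  return LOCKFILES.some((name) => fs.existsSync(path.join(dir, name)));
}

// Returns subfolders (relative to root) that hold a lockfile. Recursion stops at the
// first lockfile on each branch, so nested packages are not counted twice.
function findNestedLockfileDirs(root: string, maxDepth = 4): string[] {
  const found: string[] = [];
  const walk = (dir: string, depth: number): void => {
    if (depth > maxDepth) return; // assumed bound on how deep a checkout is walked
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      // Dirent.isDirectory() is false for symlinks, so links are never followed.
      if (!entry.isDirectory() || SKIP_DIRS.has(entry.name)) continue;
      const child = path.join(dir, entry.name);
      if (hasLockfile(child)) found.push(path.relative(root, child));
      else walk(child, depth + 1);
    }
  };
  walk(root, 1);
  return found.sort();
}

// Activation rule from the PR description: no root lockfile and 2+ nested lockfiles.
function shouldUseMultiFolderMode(root: string): boolean {
  return !hasLockfile(root) && findNestedLockfileDirs(root).length >= 2;
}

// Constructed fixture shaped like examples/no-root-package/, plus two decoys.
function buildFixture(): string {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "no-root-package-"));
  for (const file of [
    "sessionManager/package-lock.json",
    "apiServer/package-lock.json",
    "apiServer/tools/package-lock.json", // below a found lockfile: not reported
    "docs/node_modules/dep/package-lock.json", // installed dependency: skipped
  ]) {
    fs.mkdirSync(path.join(root, path.dirname(file)), { recursive: true });
    fs.writeFileSync(path.join(root, file), "{}");
  }
  return root;
}
```

Skipping `node_modules` and symlinked directories keeps the scan inside the checkout and prevents vendored lockfiles from being reported as first-party packages.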