How to Improve JavaScript Matching to Reduce License Policy Violations

When JavaScript files are scanned, each file is matched to a component in order to identify the applicable license. In some cases the same JavaScript file is present in more than one component, which makes identifying the correct package more difficult.

Modifying the build so that the package.json files associated with the components being scanned are included in the scan produces better component identification and more accurate license associations.

In cases where the package.json was not included in the scan and the JavaScript file exists in multiple components, the security vulnerabilities identified will still be valid, since those are associated directly with the JavaScript files that contain them.
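The ambiguity described above, illustrated with an added example that is not part of this article and not the scanner's own matching code: a constructed node_modules tree where the same util.js ships in two packages with different licenses. A content-hash index alone yields two candidate components, while walking up to the nearest package.json (a hypothetical helper, not the product's algorithm) resolves the file to exactly one name, version and license.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed sample: the same util.js ships inside two npm packages with
# different licenses, so the file's content hash alone is ambiguous.
SAMPLE_MANIFESTS = {
    "node_modules/alpha-utils": {"name": "alpha-utils", "version": "1.2.0", "license": "MIT"},
    "node_modules/beta-kit": {"name": "beta-kit", "version": "3.0.1", "license": "GPL-3.0"},
}
SHARED_JS = "module.exports = (n, lo, hi) => Math.min(hi, Math.max(lo, n));\n"

def build_sample_tree(root: Path) -> None:
    """Write the constructed packages (package.json plus an identical lib/util.js)."""
    for rel, manifest in SAMPLE_MANIFESTS.items():
        lib_dir = root / rel / "lib"
        lib_dir.mkdir(parents=True, exist_ok=True)
        (root / rel / "package.json").write_text(json.dumps(manifest))
        (lib_dir / "util.js").write_text(SHARED_JS)

def sha1_of(path: Path) -> str:
    return hashlib.sha1(path.read_bytes()).hexdigest()

def nearest_manifest(js_file: Path, root: Path):
    """Hypothetical helper: walk upward from the file to the closest package.json.
    With manifests in the scan, the file is tied to exactly one component."""
    for directory in [js_file.parent, *js_file.parent.parents]:
        manifest = directory / "package.json"
        if manifest.is_file():
            data = json.loads(manifest.read_text())
            return (data["name"], data["version"], data.get("license", "UNKNOWN"))
        if directory == root:
            break
    return None

def build_hash_catalogue(root: Path) -> dict:
    """Hash-only index: content hash -> set of (name, version) that contain it."""
    catalogue = {}
    for js in root.rglob("*.js"):
        name, version, _ = nearest_manifest(js, root)
        catalogue.setdefault(sha1_of(js), set()).add((name, version))
    return catalogue

def run_demo():
    """Identify alpha-utils/lib/util.js both ways: (hash candidates, manifest match)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        target = root / "node_modules/alpha-utils/lib/util.js"
        by_hash = build_hash_catalogue(root).get(sha1_of(target), set())
        return sorted(by_hash), nearest_manifest(target, root)
```

Running `run_demo()` returns two hash candidates but a single manifest match, which is why a scan that omits package.json can attach the wrong license to a shared file.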

Information about how package.json matching improves JavaScript identification is provided in this announcement:
