npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

lock file dependency tree, or install from lock file

Is there any way to do an ls against the lock file? or install from the lock file only and then ls against that?

i’m trying to figure out where a vulnerability showed up in my dependency tree, but i can’t install from the lock file, so i can’t recreate a node_modules folder with the vulnerability that i’m looking for. but looking at this old lock file, it looks like i can manually step through and see where this vulnerable package is ultimately called from, but i’d rather look at a tree than yo-yo around a lock file.

is there any way to figure out why or where a dependency would be installed? i’m looking at an out of date dependency that fails on npm install, but because it fails nothing installs so there’s no way to determine which package brought in the broken dependency.

i’m just looking for a way to track down the problem within the dependency tree and there seems to be no way to do it with npm.