Javascript --required-only doesn't include transitive dependencies


When using the --required-only option, cdxgen uses babel-parser to find the imports in the source files as described at https://github.com/AppThreat/cdxgen#automatic-usage-detection

The problem is that it doesn’t include the dependencies of the dependencies it finds… and it needs to do so as those transitive dependencies are required.

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 8
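
The behaviour requested in the issue, as an added example that is not part of the original issue and is not cdxgen's code: starting from the package names found by import scanning, walk the lockfile's dependency graph so transitive dependencies stay in the required set. The lockfile is constructed in npm's package-lock `packages` layout; the package names and the `resolveDep` / `requiredClosure` helpers are hypothetical.

```javascript
// Added example (not cdxgen's implementation). Constructed lockfile, npm v2/v3 "packages" shape.
const lock = {
  packages: {
    "": { dependencies: { "web-fw": "^1.0.0", "dev-tool": "^2.0.0" } },
    "node_modules/web-fw": { version: "1.0.0", dependencies: { "body-lib": "^1.0.0", "util-lib": "^2.0.0" } },
    "node_modules/web-fw/node_modules/util-lib": { version: "2.1.0" },
    "node_modules/body-lib": { version: "1.2.0", dependencies: { "util-lib": "^1.0.0", "web-fw": "^1.0.0" } },
    "node_modules/util-lib": { version: "1.9.0" },
    "node_modules/dev-tool": { version: "2.0.0", dependencies: { "dev-helper": "^1.0.0" } },
    "node_modules/dev-helper": { version: "1.0.0" },
  },
};

// Resolve `name` as required from the package installed at `fromPath`:
// check its own node_modules first, then walk up toward the root.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (for example a skipped optional dependency)
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Expand the directly imported package names into the full required set.
function requiredClosure(lockfile, importedNames) {
  const packages = lockfile.packages;
  const seen = new Set();
  const queue = importedNames.map((n) => resolveDep(packages, "", n)).filter(Boolean);
  while (queue.length) {
    const path = queue.pop();
    if (seen.has(path)) continue; // guards against dependency cycles
    seen.add(path);
    const deps = { ...packages[path].dependencies, ...packages[path].optionalDependencies };
    for (const name of Object.keys(deps)) {
      const next = resolveDep(packages, path, name);
      if (next) queue.push(next);
    }
  }
  const label = (p) => `${p.slice(p.lastIndexOf("node_modules/") + 13)}@${packages[p].version}`;
  return [...seen].map(label).sort();
}

// Source scanning found only `web-fw` imported; dev-tool and dev-helper drop out,
// while both installed versions of util-lib remain because each is reachable.
console.log(requiredClosure(lock, ["web-fw"]));
```
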

Top GitHub Comments

1 reaction
candrews commented, Sep 23, 2022

For Javascript, I don’t have one off the top of my head, but I’m highly confident they exist.

One I do know off the top of my head is log4shell. A project would depend on something which depends on log4j, and the vulnerability in log4j is exploitable. This example is burned into my memory as it was such a big deal and continues to be a big deal.

0 reactions
prabhu commented, Oct 4, 2022

4.0.37 includes this feature. Thank you.
