GitHub Community
Does CS search through files like package-lock.json or yarn.lock? #10361
-
|
Is there a list of files CS does not search through? It seems like it never returns results within package-lock.json or yarn.lock files |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 6 replies
-
|
Hey @rathpc, we currently exclude files which we think are generated or vendored (including .lock files), see the FAQ here: https://cs.github.com/about/faq#indexed-content |
Beta Was this translation helpful? Give feedback.
-
|
I've definitely heard of people searching yarn.lock files, e.g. for security. It's possible that we could change the rules, but we'll collect some more feedback first. Thanks for sharing! |
Beta Was this translation helpful? Give feedback.
-
|
Hello @colinwm, I am also looking for some feature by which we can include lock files |
Beta Was this translation helpful? Give feedback.
-
|
We'd also benefit from being able to search lock files, thanks @colinwm |
Beta Was this translation helpful? Give feedback.
-
|
We're working on expanding the index to include all files, including lock files, though this is still in progress. Stay tuned! |
Beta Was this translation helpful? Give feedback.
-
|
Hi @colinwm, is there any update on this? We would really benefit to searching into yarn files. |
Beta Was this translation helpful? Give feedback.
-
|
@colinwm Please add an option to include all generated files (package lock or else). I was not even aware that these are being excluded. This creates a "false sense of security". Searching specifically in lock files is not just valuable for security reasons, but simply for identifying usage of packages/versions -- especially in an organization with many repositories. |
Beta Was this translation helpful? Give feedback.
Hey @rathpc, we currently exclude files which we think are generated or vendored (including .lock files), see the FAQ here: https://cs.github.com/about/faq#indexed-content