snyk · lili2311 · Feb 18, 2019 · Feb 14, 2019
diff --git a/.gitignore b/.gitignore
@@ -6,6 +6,6 @@ local.log
 /dist
 tmp
 .DS_Store
-package-lock.json
+/package-lock.json
 !/test/fixtures/**/package-lock.json
 .idea
diff --git a/src/cli/commands/test.ts b/src/cli/commands/test.ts
@@ -30,7 +30,6 @@ async function test(...args) {
   if (args.length === 0) {
     args.unshift(process.cwd());
   }
-
   // org fallback to config unless specified
   options.org = options.org || config.org;
   // making `show-vulnerable-paths` true by default.

diff --git a/src/lib/plugins/npm/index.js b/src/lib/plugins/npm/index.js
@@ -3,6 +3,7 @@ const fileSystem = require('fs');
 const fs = require('then-fs');
 const path = require('path');
 const lockFileParser = require('snyk-nodejs-lockfile-parser');
+const _ = require('lodash');
 
 module.exports = {
   inspect,
@@ -62,7 +63,8 @@ async function generateDependenciesFromLockfile(root, options, targetFile) {
   const lockFile = await fs.readFile(lockFileFullPath, 'utf-8');
   const defaultManifestFileName = path.relative(root, manifestFileFullPath);
 
+  const strictOutOfSync = _.get(options, 'strictOutOfSync', true);
   return lockFileParser.buildDepTree(manifestFile, lockFile, options.dev,
-    lockFileParser.LockfileType.npm, true, defaultManifestFileName);
+    lockFileParser.LockfileType.npm, strictOutOfSync, defaultManifestFileName);
 }
 
diff --git a/src/lib/plugins/yarn/index.js b/src/lib/plugins/yarn/index.js
@@ -4,6 +4,7 @@ const fs = require('then-fs');
 const path = require('path');
 const lockFileParser = require('snyk-nodejs-lockfile-parser');
 const debug = require('debug')('snyk');
+const _ = require('lodash');
 
 module.exports = {
   inspect,
@@ -76,8 +77,9 @@ async function generateDependenciesFromLockfile(root, options, targetFile) {
   const lockFile = await fs.readFile(lockFileFullPath, 'utf-8');
   const defaultManifestFileName = path.relative(root, manifestFileFullPath);
 
+  const strictOutOfSync = _.get(options, 'strictOutOfSync', true);
   return lockFileParser.buildDepTree(manifestFile, lockFile, options.dev,
-    lockFileParser.LockfileType.yarn, true, defaultManifestFileName);
+    lockFileParser.LockfileType.yarn, strictOutOfSync, defaultManifestFileName);
 }
 
 function getRuntimeVersion() {

diff --git a/src/lib/snyk-test/npm/index.js b/src/lib/snyk-test/npm/index.js
@@ -149,7 +149,8 @@ function generateDependenciesFromLockfile(root, options, targetFile) {
   debug(resolveModuleSpinnerLabel);
   return spinner(resolveModuleSpinnerLabel)
     .then(() => {
-      return lockFileParser.buildDepTree(manifestFile, lockFile, options.dev, lockFileType);
+      const strictOutOfSync = _.get(options, 'strictOutOfSync', true);
+      return lockFileParser.buildDepTree(manifestFile, lockFile, options.dev, lockFileType, strictOutOfSync);
     })
     // clear spinner in case of success or failure
     .then(spinner.clear(resolveModuleSpinnerLabel))