phylum parse
Parse dependency files and output their packages as JSON
Usage: phylum parse [OPTIONS] [DEPENDENCY_FILE]...
Arguments
[DEPENDENCY_FILE]
    Path to the dependency file to parse
Options
-t, --type <TYPE>
    Dependency file type used for all lockfiles (default: auto)
    Accepted values: npm, yarn, pnpm, gem, pip, poetry, pipenv, mvn, gradle, msbuild, nugetlock, nugetconfig, gomod, go, cargo, spdx, cyclonedx, auto
--skip-sandbox
    Run lockfile generation without sandbox protection
--no-generation
    Disable generation of lockfiles from manifests
-o, --org <ORG>
    Phylum organization
-v, --verbose...
    Increase the level of verbosity (the maximum is -vvv)
-q, --quiet...
    Reduce the level of verbosity (the maximum is -qq)
-h, --help
    Print help
Details
The following order is used to determine which dependency file will be parsed:
- CLI DEPENDENCY_FILE argument
- Dependency files in the .phylum_project file specified during phylum init
- Recursive filesystem search
If any of these locations provides a dependency file, no further search will be
done. Recursive filesystem search takes common ignore files like .gitignore
and .ignore into account.
Examples
# Parse a dependency file
$ phylum parse package-lock.json
# Parse the `Cargo.lock` and `lockfile` files as cargo dependency files
$ phylum parse --type cargo Cargo.lock lockfile
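Added example, not part of the Phylum documentation: a Python wrapper for running `phylum parse` on an untrusted checkout. It always passes the dependency files explicitly so the `.phylum_project` and recursive-search fallbacks from Details are never reached, adds `--no-generation`, never emits `--skip-sandbox`, and rewrites file names that begin with `-` so they cannot be read as options. The function names, the injectable `run` parameter and the sample file list are assumptions of this example.

```python
import json
import subprocess

# Accepted --type values, copied from the option list on this page.
ACCEPTED_TYPES = frozenset(
    "npm yarn pnpm gem pip poetry pipenv mvn gradle msbuild nugetlock "
    "nugetconfig gomod go cargo spdx cyclonedx auto".split()
)


def build_parse_argv(files, lockfile_type="auto"):
    """Build the argv for `phylum parse` on files from an untrusted checkout."""
    if lockfile_type not in ACCEPTED_TYPES:
        raise ValueError(f"unsupported --type value: {lockfile_type!r}")
    if not files:
        # Without a file argument the .phylum_project file and then a recursive
        # search decide what is parsed, i.e. the checkout's own content.
        raise ValueError("pass the dependency files explicitly")
    # --no-generation: parse only lockfiles that are already committed.
    # --skip-sandbox is never added, so the sandbox stays on.
    argv = ["phylum", "parse", "--type", lockfile_type, "--no-generation"]
    for path in files:
        # A file named like an option (e.g. "--skip-sandbox") must be passed
        # as a path, so anchor it to the current directory.
        argv.append("./" + path if path.startswith("-") else path)
    return argv


def parse_packages(files, lockfile_type="auto", run=subprocess.run):
    """Run phylum and return the decoded JSON it prints on stdout.

    `run` is injectable so the wrapper can be exercised without phylum installed.
    """
    argv = build_parse_argv(files, lockfile_type)
    proc = run(argv, capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)


if __name__ == "__main__":
    # Constructed file list, as might come from listing a pull request's tree.
    print(build_parse_argv(["package-lock.json", "--skip-sandbox"]))
```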