Skip to main content

phylum parse

Parse dependency files and output their packages as JSON

Usage: phylum parse [OPTIONS] [DEPENDENCY_FILE]...

Arguments​

[DEPENDENCY_FILE]   Path to the dependency file to parse

Options​

-t, --type <TYPE>   Dependency file type used for all lockfiles (default: auto)   Accepted values: npm, yarn, pnpm, gem, pip, poetry, pipenv, mvn, gradle, msbuild, nugetlock, nugetconfig, gomod, go, cargo, spdx, cyclonedx, auto

--skip-sandbox   Run lockfile generation without sandbox protection

--no-generation   Disable generation of lockfiles from manifests

-o, --org <ORG>   Phylum organization

-v, --verbose...   Increase the level of verbosity (the maximum is -vvv)

-q, --quiet...   Reduce the level of verbosity (the maximum is -qq)

-h, --help   Print help

Details​

The following order is used to determine which dependency file will be parsed:

  • CLI DEPENDENCY_FILE argument
  • Dependency files in the .phylum_project file specified during phylum init
  • Recursive filesystem search

If any of these locations provides a dependency file, no further search will be done. Recursive filesystem search takes common ignore files like .gitignore and .ignore into account.

Examples​

# Parse a dependency file
$ phylum parse package-lock.json

# Parse the `Cargo.lock` and `lockfile` files as cargo dependency files
$ phylum parse --type cargo Cargo.lock lockfile