phylum parse
Parse dependency files and output their packages as JSON
Usage: phylum parse [OPTIONS] [DEPENDENCY_FILE]...
Argumentsโ
[DEPENDENCY_FILE]
โ Path to the dependency file to parse
Optionsโ
-t, --type <TYPE>
โ Dependency file type used for all lockfiles (default: auto)
โ Accepted values: npm, yarn, pnpm, gem, pip, poetry, pipenv, mvn, gradle, nugetlock, msbuild, go, cargo, spdx, cyclonedx, auto
--skip-sandbox
โ Run lockfile generation without sandbox protection
--no-generation
โ Disable generation of lockfiles from manifests
-v, --verbose...
โ Increase the level of verbosity (the maximum is -vvv)
-q, --quiet...
โ Reduce the level of verbosity (the maximum is -qq)
-h, --help
�โ Print help
Detailsโ
The following order is used to determine which dependency file will be parsed:
- CLI
DEPENDENCY_FILEargument - Dependency files in the
.phylum_projectfile specified duringphylum init - Recursive filesystem search
If any of these locations provides a dependency file, no further search will be
done. Recursive filesystem search takes common ignore files like .gitignore
and .ignore into account.
Examplesโ
# Parse a dependency file
$ phylum parse package-lock.json
# Parse the `Cargo.lock` and `lockfile` files as cargo dependency files
$ phylum parse --type cargo Cargo.lock lockfile