phylum parse

Parse dependency files and output their packages as JSON

Usage: phylum parse [OPTIONS] [DEPENDENCY_FILE]...

Arguments

[DEPENDENCY_FILE] Path to the dependency file to parse

Options

-t, --type <TYPE> Dependency file type used for all lockfiles (default: auto) Accepted values: npm, yarn, pnpm, gem, pip, poetry, pipenv, mvn, gradle, msbuild, nugetlock, gomod, go, cargo, spdx, cyclonedx, auto

--skip-sandbox Run lockfile generation without sandbox protection

--no-generation Disable generation of lockfiles from manifests

-o, --org <ORG> Phylum organization

-v, --verbose... Increase the level of verbosity (the maximum is -vvv)

-q, --quiet... Reduce the level of verbosity (the maximum is -qq)

-h, --help Print help

Details

The following order is used to determine which dependency file will be parsed:

CLI DEPENDENCY_FILE argument
Dependency files in the .phylum_project file specified during phylum init
Recursive filesystem search

If any of these locations provides a dependency file, no further search will be done. Recursive filesystem search takes common ignore files like .gitignore and .ignore into account.

Examples

# Parse a dependency file
$ phylum parse package-lock.json

# Parse the `Cargo.lock` and `lockfile` files as cargo dependency files
$ phylum parse --type cargo Cargo.lock lockfile

Arguments​

Options​

Details​

Examples​

Arguments

Options

Details

Examples