Scanning is done by inspecting package.json and package-lock.json or yarn.lock files. It does not scan the actual code.
If you bundle your code then inspector will not be able to detect vulnerabilities unless you ship your lock file in your asset bundle.
Yep! It's with the package.json or package-lock.json which has the dependencies is what is scanned.
package.json
package-lock.json
Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink.
Hide child comments as well
Confirm
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Scanning is done by inspecting package.json and package-lock.json or yarn.lock files. It does not scan the actual code.
If you bundle your code then inspector will not be able to detect vulnerabilities unless you ship your lock file in your asset bundle.
Yep! It's with the
package.jsonorpackage-lock.jsonwhich has the dependencies is what is scanned.