Today I learned that malformed_package_json is a common name for a test fixture. Thanks!
What version of Syft are you using? Syft recently changed to treat unparseable files as known-unknowns (see #518) and no longer prints warnings here. I think if you upgrade Syft, you'll stop seeing the warnings, but the JSON output you get will list the malformed package JSON as known unknowns.
Discussion: Should Syft exclude certain globs by default?
I've marked this as needs-discussion so we can discuss on our live stream whether there should be default excludes in Syft - right now Syft attempts to scan the entire image or directory by default, but it might make sense to exclude test fixtures from directory scans by default, for example, if we can figure out a good way that doesn't accidentally exclude too much.
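The trade-off raised in the comment above can be sketched as follows. This is an added example, not Syft's code and not part of the comment. `triage_manifests`, `demo`, `SAMPLE_TREE` and the `test/*` pattern are hypothetical names and values, and the `known_unknowns` bucket only models the behaviour described, not Syft's JSON schema.

```python
import fnmatch
import json
import os
import tempfile
from pathlib import Path

# Constructed sample tree: relative path -> file content (not from any real repo).
SAMPLE_TREE = {
    "package.json": '{"name": "app", "version": "1.0.0"}',
    "test/resolver/malformed_package_json/package.json": "{",  # deliberate fixture
    "services/api/package.json": '{"name": "api", ',  # truncated by accident
}


def triage_manifests(root, exclude_globs=()):
    """Sort every package.json under root into parsed / known_unknowns / excluded."""
    root = Path(root)
    result = {"parsed": [], "known_unknowns": [], "excluded": []}
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" not in files:
            continue
        path = Path(dirpath) / "package.json"
        rel = path.relative_to(root).as_posix()
        # Note: fnmatch's "*" also matches "/", unlike "**"-style globs.
        if any(fnmatch.fnmatch(rel, g) for g in exclude_globs):
            result["excluded"].append(rel)
            continue
        try:
            doc = json.loads(path.read_text(encoding="utf-8"))
            if not isinstance(doc, dict):
                raise ValueError("top-level JSON value is not an object")
            result["parsed"].append(rel)
        except (ValueError, OSError) as err:
            # Record the file and the reason instead of warning and moving on.
            result["known_unknowns"].append((rel, str(err)))
    for bucket in result.values():
        bucket.sort()
    return result


def demo(exclude_globs=()):
    """Write SAMPLE_TREE to a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in SAMPLE_TREE.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text, encoding="utf-8")
        return triage_manifests(tmp, exclude_globs)
```

Calling `demo(["test/*"])` moves the fixture into `excluded` while the accidentally truncated `services/api/package.json` stays visible as a known unknown; a wider pattern would hide both, leaving a manifest out of the inventory with no record.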
What would you like to be added:
syft should ignore explicitly malformed test file package.json
e.g. https://github.com/browserify/resolve/blob/main/test/resolver/malformed_package_json/package.json
Why is this needed:
Reduce false positive warnings in runs.
Other tooling already excludes the file: https://github.com/search?q=%22malformed_package_json%22&type=code
Additional context:
Syft runs presently throw these warnings for it: