Minimize Libraries Reports in WhiteSource for Node.js Projects | Exam AZ-400 Solution

Minimize Libraries Reports for Node.js Projects with WhiteSource

Question

You have 50 Node.js-based projects that you scan by using WhiteSource. Each project includes Package.json, Package-lock.json, and Npm-shrinkwrap.json files.

You need to minimize the number of libraries reports by WhiteSource to only the libraries that you explicitly reference.

What should you do?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

To minimize the number of libraries reported by WhiteSource to only the libraries that you explicitly reference in your 50 Node.js-based projects, you can follow the below steps:

Step 1: Configure WhiteSource to scan only the required files You can configure WhiteSource to scan only the Package.json file in each project. To do this, you need to configure the File System Agent plug-in. The File System Agent plug-in scans files in the specified directories and sends the scan results to WhiteSource. You can configure the plug-in to scan only the Package.json file by specifying the file path in the plug-in configuration.

Step 2: Add a devDependencies section to Package.json The devDependencies section in the Package.json file lists the packages that are required for development and testing only. These packages are not required for production deployment. By adding only the required packages to the devDependencies section, you can minimize the number of libraries reported by WhiteSource.

Step 3: Delete Package-lock.json The Package-lock.json file is created by npm to lock down the version of each package installed in your project. The file contains a complete list of all the packages and their dependencies, including the ones that are not explicitly required in your project. By deleting the Package-lock.json file, you can ensure that WhiteSource reports only the libraries that you explicitly reference.

Therefore, the correct answer is B. Add a devDependencies section to Package-lock.json. Option A is incorrect as it is not a viable solution. Option C is incorrect as it is not relevant to the question. Option D is incorrect as deleting the Package-lock.json file can cause issues with your project's dependencies.