Manage Development Dependencies in WhiteSource Bolt for Node.js Application Scans

Using Production Dependencies Only in WhiteSource Bolt for Node.js Application Scans

Question

You scan a Node.js application using WhiteSource Bolt.

The scan finds numerous libraries with invalid licenses that are only used during development.

You have to make sure that only production dependencies are scanned by WhiteSource Bolt.

Which of the following is a command you should run?

Answers

Explanations


A. B. C. D.

C

https://whitesource.atlassian.net/wiki/spaces/WD/pages/34209870/NPM+Plugin https://nodejs.org/en/knowledge/getting-started/npm/what-is-the-file-package-json

The correct answer to this question is option A: npm edit.

Explanation:

WhiteSource Bolt is a tool that helps in identifying security vulnerabilities, outdated libraries, and non-compliant open-source licenses in your application. In this case, the scan has found numerous libraries with invalid licenses, but these libraries are only used during development and not in production.

To ensure that only production dependencies are scanned by WhiteSource Bolt, you need to edit the package.json file and remove the development dependencies from the file. The package.json file lists all the dependencies used by your Node.js application, including both production and development dependencies.

The npm edit command opens the package.json file in an editor, allowing you to make changes to the file. You can remove the development dependencies from the file and save the changes. Once you have removed the development dependencies, you can rerun the WhiteSource Bolt scan, and it will only scan the production dependencies.
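The edit described above, done programmatically, as an added example that is not part of the original page or of WhiteSource's own tooling. It reads a constructed sample package.json (package names and versions are illustrative only), reports which names sit under dependencies versus devDependencies so they can be compared with what the scanner lists, and writes out a copy of the manifest with the devDependencies section removed; the function names classifyDependencies and stripDevDependencies are this example's own.

```javascript
// Added example (not from the original page): separate production from
// development dependencies in a package.json and produce a copy of the
// manifest without devDependencies, which is the edit the explanation describes.

// Constructed sample manifest; package names and versions are illustrative only.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "sample-app",
  version: "1.0.0",
  dependencies: {
    express: "^4.18.2",
    lodash: "^4.17.21"
  },
  devDependencies: {
    jest: "^29.0.0",
    eslint: "^8.0.0"
  }
}, null, 2);

// Return the names declared under each section, sorted, so the two sets can be
// compared against the libraries a scan report flags.
function classifyDependencies(packageJsonText) {
  const manifest = JSON.parse(packageJsonText);
  return {
    production: Object.keys(manifest.dependencies || {}).sort(),
    development: Object.keys(manifest.devDependencies || {}).sort()
  };
}

// Produce a copy of the manifest with the devDependencies section removed.
// Returns the new JSON text plus the names that were removed, so the change
// can be reviewed before the production-only scan is rerun.
function stripDevDependencies(packageJsonText) {
  const manifest = JSON.parse(packageJsonText);
  const removed = Object.keys(manifest.devDependencies || {}).sort();
  delete manifest.devDependencies;
  return { text: JSON.stringify(manifest, null, 2), removed };
}

// Run the example when executed directly with Node (guarded so it also loads
// cleanly as a module).
if (typeof require !== "undefined" && require.main === module) {
  const sets = classifyDependencies(SAMPLE_PACKAGE_JSON);
  console.log("production:", sets.production);
  console.log("development:", sets.development);
  const { text, removed } = stripDevDependencies(SAMPLE_PACKAGE_JSON);
  console.log("removed:", removed);
  console.log(text);
}
```

Keep the original package.json under version control and use the stripped copy only as the scan input; the development tooling still has to be installable for builds and tests.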

The other options provided in the question are not relevant to this scenario:

  • npm publish is used to publish a new version of your package to the npm registry.
  • npm install is used to install dependencies listed in the package.json file.
  • npm update is used to update the dependencies to their latest version, which may not be desirable in this case.

Therefore, the correct answer is option A: npm edit.