Automatically scan for NPM vulnerabilities in my Mendix projects
Hi everyone, I have a question about checking your Mendix project for potential JavaScript (NPM) vulnerabilities. I know that (most) widgets have some sort of JavaScript / NPM dependencies but I am having a hard time identifying which ones are in my project. I need some sort of list (list of materials) so I can use tools to evaluate if my project contains any vulnerable NPM dependencies.

I know that most widgets contain a package.json but this only lists the 'primary' dependencies and not the full tree of dependencies. This is usually listed in a package-lock.json and this is the type of file that most common tools like for instance Snyk use to evaluate whether or not a project contains any vulnerable NPM dependencies. I have tried several ways of exporting my project etc. but I cannot find a package-lock.json file or any other proper references to NPM dependencies anywhere. For Java libraries this is a different story as these are listed in the userlib folder in my .mpk export. NPM however?

Is there anyone out there experiencing the same challenge and who knows how to overcome this? Many thanks for the help in advance!