Hi! We absolutely love better-npm-audit, it's the best NPM vulnerability scanner we've seen.
However, we also prefer to use the pnpm package manager above the npm package manager, but pnpm uses a different type of lock-file that better-npm-audit doesn't seem to support.
Is there anything planned regarding pnpm (lockfile) support?
I am aware of some unofficial tools to convert the pnpm lockfile into a regular package-lock.json, but it doesn't seem that either npm or pnpm offers an official API for that.
Hi! We absolutely love
better-npm-audit, it's the best NPM vulnerability scanner we've seen.However, we also prefer to use the pnpm package manager above the npm package manager, but pnpm uses a different type of lock-file that better-npm-audit doesn't seem to support.
Is there anything planned regarding pnpm (lockfile) support?
I am aware of some unofficial tools to convert the pnpm lockfile into a regular package-lock.json, but it doesn't seem that either npm or pnpm offers an official API for that.