Skip to content

Exclude development or test dependencies for PNPM Package type #4430

New issue
New issue
Open
#4487
Open
Exclude development or test dependencies for PNPM Package type#4430
#4487
Labels
enhancementNew feature or requestgood-first-issueGood for newcomers
@Ajit-15

Description

@Ajit-15
Ajit-15
opened on Dec 3, 2025

What would you like to be added:
We have file - pnpm-lock.yaml which is having all required and dev dependencies. Syft is giving SBOM which has all dependencies including required and dev dependencies without scope defined. Can we exclude dev and test dependencies and get only the actual one?

Why is this needed:
To have clean and required dependencies for direct and transitive SBOM.

Additional context:

Example : Purl for PNPM = "pkg:npm/[email protected]"

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestgood-first-issueGood for newcomers

    Type

    No type

    Projects

    OSS

    Status

    Ready

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions