# NodeJS

The NodeJS analyser is triggered when in any of the folders of the project one among these manifest files is found:

1. &#x20;a “package-lock.json”&#x20;
2. &#x20;a “packages.json”&#x20;
3. &#x20;a “yarn.lock”
4. &#x20;a “pnpm-lock.yaml”
5. an orphan node\_modules folder (normally disabled)

In case 1, 3 and 4 the client will trust the contents of the lock file and will collect the dependencies directly from there. In this case, it's important that the information is up to date, otherwise the client will collect stale data that will most probably lead to a wrong analysis: if you are in doubt please re-generate such files.&#x20;

In case 2 the client will use the local npm tool: it will first execute an “install” command, to make sure that the dependencies are correctly present, and then it will ask npm to generate the dependency tree. For this reason, the project has to build successfully.

**Excluding specific npm folders**

In order to avoid the client to look into specific subfolders (by default it won't look into folders named "lib", "examples", "samples" and of course "node\_modules), you can add this parameter to the invocation:

```
--flags:npm.folders.excluded=foo,bar,baz
```

You can also use the [standard mechanism to exclude folders](https://docs.meterian.io/the-client/general-operations/excluding-specific-folders), both are available.

**Processing only the root folder**

In order to avoid the client to look into any subfolder and, instead, search only in the root folder you can add this parameter to the invocation:

```
--flags:npm.root.only=true
```

**Tool requirements**

When using the [thin client](https://docs.meterian.io/the-client/client), the required tools will have to be installed and configured (Npm). This is not required when using the [dockerized client](https://docs.meterian.io/the-client/the-meterian-client-dockerized).

{% hint style="info" %}
When using the dockerized client via the [meterian-docker script ](https://docs.meterian.io/the-client/the-meterian-client-dockerized/basic-usage)note that as a result of the global node modules cache directory being mapped into the container by default the version of `npm` that is installed on the host machine will be employed for the scan should you happen to have it installed.
{% endhint %}

**Scanning orphan node\_modules folder**

Sometimes NodeJS assets are simply copied in a build in an "orphaned" state: only the node\_modules folder is present, with no manifest files declaring what's inside. In this situation, you can specify the parameter `--process-nodemodules` and the scanner will ingest all the information of any orphaned folder.  Only if this flag is not specified, this specific scanning is executed.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.meterian.io/languages-support/nodejs.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.