package-json: add yarn and remove package-lock.json

- add yarn that use and generates package.json too - remove package-lock.json since it's specific to npm
2023-01-06 18:17:07 +01:00 · 2023-01-06 18:17:07 +01:00 · a551dcfbd8
parent f7a08283ab
commit a551dcfbd8
1 changed files with 6 additions and 4 deletions
--- a/exposures/configs/package-json.yaml
+++ b/exposures/configs/package-json.yaml
@ -2,16 +2,18 @@ id: package-json

 info:
  name: npm package.json disclosure
-  author: geeknik,afaq
+  author: geeknik,afaq,noraj
  severity: info
-  description: All npm packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project.
+  description: All NodeJS packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project generated by package managers such as npm or yarn.
+  reference:
+    - https://docs.npmjs.com/cli/v9/configuring-npm/package-json
+    - https://classic.yarnpkg.com/lang/en/docs/package-json/
  tags: config,exposure

 requests:
  - method: GET
    path:
      - "{{BaseURL}}/package.json"
-      - "{{BaseURL}}/package-lock.json"

    matchers-condition: and
    matchers:
@ -28,4 +30,4 @@ requests:

      - type: status
        status:
-          - 200
+          - 200