Dependencies only searched one package.json up

Using monorepos I get plenty of incorrect error reports:

Code smell: Either remove this import or add it as a dependency.

In a monorepo, dependencies are added via package.json at potentially many levels of the project. Sonar is only searching for the nearest package.json up the directory hierarchy. It should continue searching up all the way looking for package.json’s where the dependency may be declared rather than falsely report code smells that don’t apply just because a package.json was found in a subdirectory between the source code and the top level of the monorepo.


1 Like


Thanks for reporting this! Ticket is created S4328 (no-implicit-dependencies): check package.json files in all levels up · Issue #2682 · SonarSource/SonarJS · GitHub