SonarScanner version: 4.5
I have an Angular monorepo built with Nx. I had 1 package.json file in the root directory and Sonar was working fine. Now I need to create one package.json file for each app to basically start versioning them individually. My surprise today is that after modifying a file with an import statement to a third party module I have this code smell:
Dependencies should be explicit
Dependencies should be explicitly listed in the
package.json
file. Importing a module that is not declared as a dependency makes it an implicit one and is bound to create problems.
This is because inside the new package.json file per app I only have the name and the version, all the dependencies are in the root package.json file. So I guess that the scanner stops in the first package.json that it founds.