Snyk Container npm lockfile v3 bug fix

Fix

We discovered a bug in the handling of applications using npm lockfile v3 in Snyk Container, causing transitive dependencies to be omitted from results.

A fix has been identified. Once this has been applied, Snyk Container npm projects using v3 lockfiles are likely to see an increase in identified dependencies. This may lead to an increase in vulnerabilities when re-scanning existing repositories, even if repository contents are unchanged.
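For a rough indication of how many dependencies a v3 lockfile records beyond the direct ones, the following added example (not Snyk's code, and not how Snyk Container computes its results) splits the lockfile's `packages` map into direct and transitive entries. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: classify entries of an npm lockfile v3 `packages` map.
// The sample lockfile below is constructed for illustration.
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": {
      name: "demo-app",
      dependencies: { express: "^4.18.2" },
      devDependencies: { mocha: "^10.2.0" }
    },
    "node_modules/express": { version: "4.18.2" },
    "node_modules/body-parser": { version: "1.20.1" },
    "node_modules/debug": { version: "2.6.9" },
    "node_modules/mocha": { version: "10.2.0", dev: true },
    "node_modules/mocha/node_modules/debug": { version: "4.3.4", dev: true }
  }
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(key) {
  const marker = "node_modules/";
  return key.slice(key.lastIndexOf(marker) + marker.length);
}

function summarizeLockfile(lock) {
  if (lock.lockfileVersion !== 3 || typeof lock.packages !== "object" || lock.packages === null) {
    return { isV3: false, direct: [], transitive: [] };
  }
  const root = lock.packages[""] || {};
  const declared = new Set(
    ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"]
      .flatMap((field) => Object.keys(root[field] || {}))
  );
  const direct = [];
  const transitive = [];
  for (const [key, entry] of Object.entries(lock.packages)) {
    // Skip the root project, workspace folders and workspace symlinks.
    if (!key.includes("node_modules/") || entry.link) continue;
    const name = packageName(key);
    const id = `${name}@${entry.version}`;
    // Direct: installed at the top level and declared by the root project.
    const topLevel = key === `node_modules/${name}`;
    (topLevel && declared.has(name) ? direct : transitive).push(id);
  }
  return { isV3: true, direct, transitive };
}

const summary = summarizeLockfile(sampleLock);
console.log(`direct: ${summary.direct.length}, transitive: ${summary.transitive.length}`);
```

To run it on a real project, pass the result of `JSON.parse` on that project's `package-lock.json` to `summarizeLockfile`.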

The fix will be rolled out to both the Kubernetes integration and the next Snyk CLI stable release on December 18th.

The fix is already available in Container Registry integrations.

If you have any questions or need assistance, please don’t hesitate to reach out to us.