User Guide
  • Fundamentals
    • Quick Start Guide
      • Signing Up
      • Package Discovery
        • Connecting to GitHub
        • Connecting to GitLab
        • Connecting to Azure DevOps
        • Connecting to the CI Pipeline
        • Connecting to the Artifact Server
      • Package Sealing
        • Integrating the CLI in the CI
        • Editing Dependencies
    • Deployments
      • Choosing Your Deployment
      • Automatic Remediation
      • Remote Configuration
      • Local Configuration
      • Artifact Server
    • CLI
      • Download and Installation
      • Scanning
      • Fixing All Dependencies
      • Fixing Specific Dependencies
      • Fixing OS Vulnerabilities
      • Integrating with the CI
      • Uploading Scan Results
      • Commands
      • SCA Integrations
      • JFrog Integration
      • Usage Examples
        • Sealing Application Dependencies
        • Sealing Linux Environments
    • Artifact Server
      • Generating a Token
      • Artifact Server Ordering
      • Configuring the Package Manager
        • Configuring apk
        • Configuring Composer
        • Configuring Go
        • Configuring Gradle
        • Configuring Maven
        • Configuring npm
        • Configuring pip
        • Configuring Poetry
        • Configuring yarn
        • Configuring yum
      • Clearing the Cache
      • Editing Your Dependencies
    • Web Interface
      • Rules Screen
  • FAQ
  • Vulnerability Disclosure
Powered by GitBook
On this page

FAQ

PreviousRules ScreenNextVulnerability Disclosure

Last updated 5 months ago

What's the difference between package.json and a lock file?

  • package.json: This file describes your project and lists dependencies with desired version ranges (e.g., ^1.2.3). Think of it as your project's wishlist.

  • lock file: This file locks down the exact versions of dependencies installed to ensure everyone gets the same setup. It's like a receipt for your project's dependencies. Different package managers have their own lock file, for example npm uses package-lock.json, yarn uses yarn.lock and pnpm uses pnpm-lock.yaml.

In short, package.json defines what you want, and the lock file guarantees you get it. Both are essential for managing Node.js project dependencies.

What's the difference between the and the ?

When the Seal CLI runs as part of your CI pipeline, the CLI needs to get its instructions from somewhere, so it will know which packages to replace.

A Local Configuration means the CLI instructions are saved locally in a file in your project's code repository, customarily in its root directory. These rules define the CLI's behavior specifically for that project.

A Remote Configuration means the CLI instructions are saved remotely on the Seal server. These rules can apply to a specific project, or all projects.

Local Configuration
Remote Configuration