Open
Description
Describe the bug
When using the scanTargets option and specifying either package-lock.json files OR an ANT glob pattern like 'src/**/.js', the scan works great. However, if I specify both the package-lock.json files AND the ANT glob, then only the ANT glob results appear in the scan. Moving the ANT glob to different positions in the list did not change the behavior.
To Reproduce
For an npm project wrapped with Gradle where the src directory contains node_modules instead of a package-lock.json file, a scanTargets option like the following produces results for only the ANT glob pattern.
scanTargets = [
'src/**/*.js*',
'module-a/package-lock.json',
'module-b/package-lock.json',
'module-c/package-lock.json'
]
Expected behavior
Scan across all targets in the scanTargets list.
Screenshots
n/a
Desktop (please complete the following information):
- OS: OS X 14.4.1 (aarch64)
- Gradle Version: 8.8
- JVM Version and Flavor: Amazon Corretto OpenJDK 64-Bit Server VM 17.0.11+9-LTS (mixed mode, sharing)
- Nexus IQ Server Version: 174
- Version: 2.8.3
Additional context
n/a