From 784a1393fc3af6dbc8417a50af8e777f4c33e9ee Mon Sep 17 00:00:00 2001
From: stevespringett
Date: Fri, 21 Jul 2017 15:18:10 -0500
Subject: [PATCH] Added check for node_modules directory. Will skip if package.json is a node module. Fixes #797
---
 .../org/owasp/dependencycheck/analyzer/NspAnalyzer.java | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java
index a49fc4145..40752bec6 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NspAnalyzer.java
@@ -149,6 +149,12 @@ public class NspAnalyzer extends AbstractFileTypeAnalyzer {
 final File file = dependency.getActualFile();
 try (JsonReader jsonReader = Json.createReader(FileUtils.openInputStream(file))) {
+ // Do not scan the node_modules directory
+ if (file.getCanonicalPath().contains(File.separator + "node_modules" + File.separator )) {
+ LOGGER.debug("Skipping analysis of node module: " + file.getCanonicalPath());
+ return;
+ }
+
 // Retrieves the contents of package.json from the Dependency
 final JsonObject packageJson = jsonReader.readObject();
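Review bot: The new guard inside the `try` block matches `node_modules` anywhere in the absolute canonical path, so a project that is itself checked out beneath a directory of that name, or whose `package.json` is a symlink resolving into one, has its own manifest skipped. The only trace is a debug-level message, which for a vulnerability scanner amounts to a silent false negative. Consider testing the path relative to the scan root instead (if the analyzer can obtain it; nothing in the hunk shows that) and reporting the skip at a level users normally see. The check also runs only after `FileUtils.openInputStream(file)` has opened the file, and it resolves the canonical path twice; computing `final String path = file.getCanonicalPath();` once ahead of the `try` and logging `LOGGER.debug("Skipping analysis of node module: {}", path);` (assuming an SLF4J-style logger) avoids both, provided the `IOException` from `getCanonicalPath()` is still handled. The enclosing method starts and ends outside the hunk, so how a skipped dependency is treated afterwards cannot be judged from here.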