Exam AZ-400 topic 4 question 27 discussion

Correct answers are A & D. 1. When you use --production flag in npm install devDependencies are not installed (so C is wrong). 2. npm install command installs the dependencies to the local node_modules folder. https://docs.npmjs.com/cli/v8/commands/npm-install 3. WhiteSource scan the entire project folder by default. You have to configure it to scan only the node_modules since the production dependencies are there. https://whitesource.atlassian.net/wiki/spaces/WD/pages/33751265/Previous+Version+of+WhiteSource+Bolt+for+Azure+Pipeline#Build-Configuration-for-Azure-DevOps-Server "If there is a policy match on a Reassign action, the request will be automatically reassigned to a designated user or group in the system which is not the default approver." https://whitesource.atlassian.net/wiki/spaces/WD/pages/34013519/Managing+Automated+Policies#Applying-Actions-to-a-Library But is this action required in the question? Of course no. So even B is wrong

the answer is correct - devDependent and productionflag

First C : We should first move the dev packages to the devDependencies Then A : npm install --production

I think I'll go by A and C since the question says 'The libraries are used only during development and are not part of a production deployment.' it means that you need to add the dev dependencies in your Package.json file.

A. Run npm install and specify the --production flag. This will make npm only install the dependencies listed in the "dependencies" section of your package.json and skip those listed in the "devDependencies" section, which are assumed to be only relevant for development purposes. Therefore, only production dependencies will be present in the node_modules directory for WhiteSource Bolt to scan. D. Configure WhiteSource Bolt to scan the node_modules directory only. By focusing the scan to the node_modules directory, you ensure that WhiteSource Bolt only considers packages that have been installed and are needed for production. It would not take into account those packages which are purely for development purposes and thus not present in this directory.

AC is the correct and enforces an smart definition of run-time and development deps.

I'd say the answer AC is correct. You need to modify devDependencies in package.json (C) so that npm knows which dependencies are for development use only, and run install with --production flag (A) to not install them. I do not see how D would help me. Both production and development dependencies are installed in the same "node_modules" folder. Restricting WhiteSource to scan only this folder would not exclude development dependencies.

A & D were my chosen answers yesterday when I sat on this exam and I passed

npm install is what you need to do so A is correct https://stackoverflow.com/questions/72784118/unable-resolve-npm-dependencies-while-whitesource-scan-in-jenkins "doing whitesource scan for node_modules directory and when scanning ,in resolving dependency" Taking D as the other answer

On exam 20220727.

AB C is strange... we dont want to update our dev dependencies to valid our prod dependencies..

Selected during exam. A. Run npm install and specify the --production flag. B. Modify the WhiteSource Bolt policy and set the action for the licenses used by the development tools to Reassign.

Tested

so I guess people are just upvoting the most upvoted answer because it's usually correct? In this case it's clearly wrong. Modifying devDependencies will modify... your development dependencies. Which is undesirable. Here we just want to change what whitesource does.

A and B are correct. https://whitesource.atlassian.net/wiki/spaces/WD/pages/34013519/Managing+Automated+Policies

C doesn't make any sense. Why do you need to modify the devDepenedency???? npm install with --production flag will only install the prod dependency, whatever is specified in the "devDependency" is not relevant.

this came in today exam Az-400 (Dec 2021)