Skip to main content
We are excited to introduce the latest features and enhancements in Endor Labs.

Custom lock file location for JavaScript scans

Enhancement You can now specify an exact lock file path for JavaScript and TypeScript scans using the ENDOR_JS_LOCK_FILE_PATH environment variable. This is useful when the lock file does not live at the package directory or repository root. For more information, see Specify a custom lock file location.

Git-based dependencies

Beta New Endor Labs now resolves private Git-based dependencies hosted outside the repository being scanned, including those in a different organization, workspace, or project. Configure credentials for these repositories in the Git-based dependency integration to improve dependency resolution and reachability analysis. If an existing SCM integration already has access to these repositories, Endor Labs reuses those credentials. For more information, see Git-based dependencies.

OSS Coverage dashboard

Beta New You can now use the OSS Coverage dashboard to get a centralized view of open source coverage across your namespace. You can see how Endor Labs resolves dependencies and performs reachability analysis on your scanned projects. The dashboard groups coverage gaps by root cause, and each error links to the full scan log so you can investigate and fix scan failures. For more information, see OSS coverage