FAQ resource for What does the scan command analyze?.
Answer
The scan analyzes: runtime versions (Node.js, .NET, Python, Java, Go, Rust, PHP, Ruby, and more), framework versions (React, Next.js, Angular, Vue, NestJS, etc.), all dependencies from manifests like package.json, .csproj, requirements.txt, pom.xml, go.mod, Cargo.toml, composer.json, or Gemfile, lockfile data (duplicates, phantom deps), TypeScript configuration (strict mode, module system), and end-of-life risk for runtimes. Core analysis reads only manifest/config files — no source code execution.