# Commands & Arguments

> Complete reference for all SCANOSS-JS CLI commands and their arguments.

## General Arguments

The following arguments are available on all commands:

| Argument          | Description              |
| ----------------- | ------------------------ |
| `--version`, `-V` | Output version number    |
| `--help`, `-h`    | Display help for command |

## scan

Scans a folder or file against the SCANOSS API to identify open-source components, licences,
vulnerabilities, and dependencies. Results are written to STDOUT by default.

```bash
scanoss-js scan [OPTIONS] <source>
```

| Argument                          | Description                                                                                                                                                                                                                                                                           |
| --------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--wfp`, `-w`                     | Scan a pre-generated `.wfp` fingerprint file instead of a folder                                                                                                                                                                                                                      |
| `--hpsm`, `-H`                    | Enable High Precision Snippet Matching                                                                                                                                                                                                                                                |
| `--extract`, `-x`                 | Extract compressed files before scanning into a `<zip_name>-unzipped` folder                                                                                                                                                                                                          |
| `--extract-overwrite`             | Overwrite the decompressed folder if it already exists                                                                                                                                                                                                                                |
| `--extract-deep <number>`         | Set the recursion depth for decompression                                                                                                                                                                                                                                             |
| `--extract-suffix <suffix>`       | Set a custom suffix for the decompressed folder name                                                                                                                                                                                                                                  |
| `--concurrency <number>`, `-c`    | Number of concurrent connections to use while scanning (default: `10`)                                                                                                                                                                                                                |
| `--ignore <file>`, `-n`           | Ignore components listed in an SBOM file                                                                                                                                                                                                                                              |
| `--output <filename>`, `-o`       | Write results to a file (default: STDOUT)                                                                                                                                                                                                                                             |
| `--format <format>`, `-f`         | Output format: `json`, `html` (default: `json`)                                                                                                                                                                                                                                       |
| `--flags <flags>`, `-F`           | Scanning engine flags: `1` disable snippets, `2` enable snippet IDs, `4` disable dependencies, `8` disable licences, `16` disable copyrights, `32` disable vulnerabilities, `64` disable quality, `128` disable cryptography, `256` disable best match, `512` report identified files |
| `--min-snippet-hits <number>`     | Minimum snippet hits required for a match (`0` defers to server configuration)                                                                                                                                                                                                        |
| `--min-snippet-lines <number>`    | Minimum snippet lines required for a match (`0` defers to server configuration)                                                                                                                                                                                                       |
| `--ranking <value>`               | Enable or disable result ranking: `true` or `false` (default: server configuration)                                                                                                                                                                                                   |
| `--ranking-threshold <number>`    | Ranking threshold value from `-1` to `10` (`-1` defers to server configuration)                                                                                                                                                                                                       |
| `--honour-file-exts <value>`      | Honour file extensions during scanning: `true` or `false` (default: server configuration)                                                                                                                                                                                             |
| `--post-size <postsize>`, `-P`    | Maximum kilobytes per API request (default: `32`)                                                                                                                                                                                                                                     |
| `--max-retry <retry>`, `-R`       | Maximum number of retries for each POST request (default: `5`)                                                                                                                                                                                                                        |
| `--timeout <timeout>`, `-M`       | API communication timeout in seconds (default: `120`)                                                                                                                                                                                                                                 |
| `--obfuscate`                     | Obfuscate file paths in fingerprints before sending                                                                                                                                                                                                                                   |
| `--dependencies`, `-D`            | Include dependency scanning alongside file scanning                                                                                                                                                                                                                                   |
| `--cryptography`, `-C`            | Include cryptography detection alongside file scanning                                                                                                                                                                                                                                |
| `--algorithm-rules <path>`, `-ar` | Path to a custom cryptographic algorithm rules file (JSON)                                                                                                                                                                                                                            |
| `--library-rules <path>`, `-lr`   | Path to a custom cryptographic library rules file (JSON)                                                                                                                                                                                                                              |
| `--apiurl <url>`                  | SCANOSS API URL (default: `https://api.osskb.org/scan/direct`)                                                                                                                                                                                                                        |
| `--api2url <url>`                 | SCANOSS gRPC API 2.0 URL (default: `api.scanoss.com:443`)                                                                                                                                                                                                                             |
| `--key <key>`, `-k`               | SCANOSS API key token (not required for the default OSSKB URL)                                                                                                                                                                                                                        |
| `--ignore-cert-errors`            | Ignore SSL certificate errors *(use only in trusted environments)*                                                                                                                                                                                                                    |
| `--ca-cert <cert>`                | Path to a custom CA certificate PEM file for SSL/TLS connections                                                                                                                                                                                                                      |
| `--proxy <url>`                   | Proxy URL. Also reads from the `HTTPS_PROXY` and `grpc_proxy` environment variables                                                                                                                                                                                                   |
| `--grpc_proxy <url>`              | gRPC proxy URL                                                                                                                                                                                                                                                                        |
| `--verbose`, `-v`                 | Enable verbose output during scanning                                                                                                                                                                                                                                                 |
| `--settings <filename>`, `-st`    | Settings file to use for scanning (default: `scanoss.json`)                                                                                                                                                                                                                           |
| `--skip-settings-file`, `-stf`    | Skip the default `scanoss.json` settings file                                                                                                                                                                                                                                         |
| `--debug`                         | Enable debug output                                                                                                                                                                                                                                                                   |

> When `--cryptography` is used without an API key (`--key`), only **local** cryptography detection is performed. Component-level cryptography scanning via the SCANOSS API requires an API key.

> The `--dependencies` flag is not applicable when scanning a pre-generated `.wfp` fingerprint file, as dependency manifest files are not captured in fingerprint hashes.
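The `--flags` values are powers of two, so several of them combine into one number by addition. The following is an added example, not part of SCANOSS-JS: a shell helper that builds and decodes a `--flags` value and checks whether it switches off dependency, licence, vulnerability or cryptography reporting. The bit values are taken from the table above; the short names and the set of bits the audit reports are assumptions of this example.

```bash
#!/bin/sh
# Added example: helper for the integer passed to `scanoss-js scan --flags`.
# Bit values come from the --flags row above; the short names are labels
# made up for this example.
FLAG_TABLE='1 disable-snippets
2 enable-snippet-ids
4 disable-dependencies
8 disable-licences
16 disable-copyrights
32 disable-vulnerabilities
64 disable-quality
128 disable-cryptography
256 disable-best-match
512 report-identified-files'

# encode_flags NAME... : print the combined value for the named flags.
encode_flags() {
    total=0
    for name in "$@"; do
        bit=$(printf '%s\n' "$FLAG_TABLE" | awk -v n="$name" '$2 == n { print $1 }')
        if [ -z "$bit" ]; then
            echo "unknown flag name: $name" >&2
            return 1
        fi
        total=$(( total | bit ))
    done
    echo "$total"
}

# decode_flags VALUE : print one name per bit set in VALUE.
decode_flags() {
    value=$1
    case "$value" in
        # Reject non-numbers and leading zeros (the shell would read octal).
        ''|*[!0-9]*|0?*) echo "invalid flags value: $value" >&2; return 1 ;;
    esac
    if [ "$value" -gt 1023 ]; then
        echo "flags value $value sets bits the table does not document" >&2
        return 1
    fi
    while read -r bit name; do
        if [ $(( value & bit )) -ne 0 ]; then echo "$name"; fi
    done <<EOF
$FLAG_TABLE
EOF
}

# audit_flags VALUE : return 1 and list the names if VALUE turns off
# dependency, licence, vulnerability or cryptography reporting (the set of
# bits treated as a finding is this example's policy choice); 2 if invalid.
audit_flags() {
    names=$(decode_flags "$1") || return 2
    off=$(printf '%s\n' "$names" |
        grep -E '^disable-(dependencies|licences|vulnerabilities|cryptography)$' || true)
    if [ -n "$off" ]; then
        printf '%s\n' "$off"
        return 1
    fi
    return 0
}
```

In a pipeline, `audit_flags` can gate a job before `scanoss-js scan --flags <value>` runs, so a scan with vulnerability reporting switched off does not pass unnoticed.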

## dep

Scans a folder exclusively for dependency manifest files without performing open-source code
identification.

```bash
scanoss-js dep [OPTIONS] <source>
```

| Argument                    | Description                                                        |
| --------------------------- | ------------------------------------------------------------------ |
| `--output <filename>`, `-o` | Write results to a file (default: STDOUT)                          |
| `--apiurl <url>`            | SCANOSS API URL (default: `https://api.osskb.org/scan/direct`)     |
| `--key <key>`, `-k`         | SCANOSS API key token (not required for the default OSSKB URL)     |
| `--ignore-cert-errors`      | Ignore SSL certificate errors *(use only in trusted environments)* |
| `--ca-cert <cert>`          | Path to a custom CA certificate PEM file for SSL/TLS connections   |
| `--proxy <url>`             | Proxy URL. Also reads from the `HTTPS_PROXY` environment variable  |
| `--debug`                   | Enable debug output                                                |

The following dependency manifest files are recognised during scanning:

| Ecosystem    | Files                                                                                                                                 |
| ------------ | ------------------------------------------------------------------------------------------------------------------------------------- |
| Python       | `requirements.txt`, `pip_requirements_lock.txt`, `*-requirements.txt`, `requirements-*.txt`, `dev-requirements.txt`, `pyproject.toml` |
| Java         | `pom.xml`                                                                                                                             |
| JavaScript   | `package.json`, `package-lock.json` (v1, v2, v3), `yarn.lock`, `pnpm-lock.yaml` (v5, v6, v9+)                                         |
| Ruby         | `Gemfile`, `Gemfile.lock`                                                                                                             |
| Golang       | `go.mod`, `go.sum`                                                                                                                    |
| .NET / NuGet | `*.csproj`, `packages.config`                                                                                                         |
| Gradle       | `build.gradle`, `build.gradle.kts`, `libs.versions.toml`                                                                              |

## wfp

Generates WFP (Winnowing FingerPrint) hashes for a folder or file without performing any
API calls or analysis. The resulting output can be saved to a file and passed to `scan` at
a later time using the `--wfp` flag.

```bash
scanoss-js wfp [OPTIONS] <source>
```

| Argument                    | Description                                                   |
| --------------------------- | ------------------------------------------------------------- |
| `--hpsm`, `-H`              | Enable High Precision Snippet Matching                        |
| `--obfuscate`               | Obfuscate file paths in fingerprints                          |
| `--output <filename>`, `-o` | Write fingerprints to a file (default: STDOUT)                |
| `--block-size <size>`, `-p` | Maximum size in KB for each fingerprint block (default: `64`) |

## crypto

Scans a folder or file for local cryptographic algorithm and library detection without
performing open-source identification. Custom detection rules can be provided via JSON files.

```bash
scanoss-js crypto [OPTIONS] <source>
```

| Argument                          | Description                                                |
| --------------------------------- | ---------------------------------------------------------- |
| `--algorithm-rules <path>`, `-ar` | Path to a custom cryptographic algorithm rules file (JSON) |
| `--library-rules <path>`, `-lr`   | Path to a custom cryptographic library rules file (JSON)   |
| `--output <filename>`, `-o`       | Write results to a file (default: STDOUT)                  |
| `--threads <threads>`, `-T`       | Number of threads to use while scanning (default: `5`)     |

## components

Queries the SCANOSS Knowledge Base for component intelligence. Supports searching, version
lookups, statistics, and component information retrieval.

```bash
scanoss-js components <action> [OPTIONS]
```

The `<action>` argument must be one of: `search`, `versions`, `stats`, `info`.

| Argument                    | Description                                                        |
| --------------------------- | ------------------------------------------------------------------ |
| `--output <filename>`, `-o` | Write results to a file (default: STDOUT)                          |
| `--apiurl <url>`            | SCANOSS API URL (default: `https://api.osskb.org`)                 |
| `--key <key>`, `-k`         | SCANOSS API key token                                              |
| `--ignore-cert-errors`      | Ignore SSL certificate errors *(use only in trusted environments)* |
| `--ca-cert <cert>`          | Path to a custom CA certificate PEM file for SSL/TLS connections   |
| `--proxy <url>`             | Proxy URL                                                          |
| `--grpc`                    | Use gRPC instead of HTTP for API calls                             |
| `--debug`                   | Enable debug output                                                |

### search

| Argument                  | Description                                  |
| ------------------------- | -------------------------------------------- |
| `--query <query>`, `-q`   | Search query string                          |
| `--vendor <vendor>`       | Filter by vendor name                        |
| `--component <component>` | Filter by component name                     |
| `--package <package>`     | Filter by package type (e.g. `npm`, `maven`) |
| `--limit <limit>`         | Maximum number of results to return          |
| `--offset <offset>`       | Result offset for pagination                 |

### versions

| Argument        | Description                   |
| --------------- | ----------------------------- |
| `--purl <purl>` | Package URL (PURL) to look up |

### stats

| Argument              | Description                                  |
| --------------------- | -------------------------------------------- |
| `--purls <purls>`     | Comma-separated list of PURLs for statistics |
| `--purls-file <file>` | File containing PURLs, one per line          |

### info

| Argument             | Description                                 |
| -------------------- | ------------------------------------------- |
| `--name <name>`      | Component name to look up                   |
| `--include-versions` | Include version information in the response |
| `--include-stats`    | Include statistics in the response          |
