Configuration
Config file
Create a .ghostdep.yaml in your project root:
```sh
ghostdep init
```
Or write one manually:
```yaml
ignore_deps:
  - "internal-*"
  - "my-shared-lib"
ignore_paths:
  - "scripts/**"
  - "generated/**"
include_dev: true
min_confidence: low
format: text
cache: false
```
Config options
| Option | Type | Default | Description |
|---|---|---|---|
| ignore_deps | list of globs | [] | Dependencies to exclude from findings |
| ignore_paths | list of globs | [] | File paths to skip during scanning |
| include_dev | bool | true | Whether to analyze dev dependencies |
| min_confidence | low/medium/high | low | Minimum confidence threshold |
| format | text/json/sarif | text | Output format |
| threads | number or null | null (all cores) | Max scanner threads |
| cache | bool | false | Enable incremental scan cache |
Precedence
Configuration is resolved in three layers:
- Defaults — hardcoded sensible values
- Config file — .ghostdep.yaml overrides defaults
- CLI flags — always win over config file
ignore_deps and ignore_paths are additive across all layers. Everything else is last-writer-wins.
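The layering rules above, worked through as an added example (not ghostdep's own code): `resolve` and `suppressed` are hypothetical helpers, the layer inputs are constructed and passed as already-parsed dicts, and fnmatch-style matching is an assumption about how the globs behave. It shows that under the additive rule a later layer can only extend the ignore lists, so the effective suppression set is worth reviewing as a whole.

```python
from fnmatch import fnmatchcase

# Defaults copied from the "Config options" table above.
DEFAULTS = {
    "ignore_deps": [], "ignore_paths": [], "include_dev": True,
    "min_confidence": "low", "format": "text", "threads": None, "cache": False,
}
ADDITIVE = ("ignore_deps", "ignore_paths")  # merged across layers, never replaced


def resolve(file_cfg, cli_cfg):
    """Apply defaults, then config file, then CLI values, per the rules above."""
    effective = {k: (list(v) if isinstance(v, list) else v) for k, v in DEFAULTS.items()}
    for layer in (file_cfg, cli_cfg):
        for key, value in layer.items():
            if key not in DEFAULTS:
                raise KeyError(f"unknown option: {key}")
            if key in ADDITIVE:
                # Union of all layers, first-seen order, no duplicates.
                for glob in value:
                    if glob not in effective[key]:
                        effective[key].append(glob)
            else:
                effective[key] = value  # last writer wins
    return effective


def suppressed(deps, effective):
    """Dependencies hidden by the effective ignore_deps globs.

    Assumption: fnmatch-style matching stands in for ghostdep's glob rules.
    """
    return [d for d in deps if any(fnmatchcase(d, g) for g in effective["ignore_deps"])]


# Constructed sample input: a checked-in config file plus values a CI job passes.
FILE_CFG = {"ignore_deps": ["internal-*", "my-shared-lib"],
            "min_confidence": "low", "cache": False}
CLI_CFG = {"ignore_deps": ["legacy-*"], "min_confidence": "high", "format": "sarif"}
DEPS = ["internal-auth", "my-shared-lib", "legacy-crypto", "requests", "left-pad"]

if __name__ == "__main__":
    eff = resolve(FILE_CFG, CLI_CFG)
    print("effective config:", eff)
    print("suppressed deps: ", suppressed(DEPS, eff))
```

Listing the suppressed names next to the scan output makes an overly broad glob in any layer visible during review.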
Example: suppress known false positives
```yaml
ignore_deps:
  - "internal-*"      # internal packages in your monorepo
  - "my-codegen-lib"  # generated code imports this
```
Example: CI-optimized config
```yaml
format: sarif
min_confidence: medium
include_dev: false
cache: true
ignore_paths:
  - "test/**"
  - "scripts/**"
```