-
### Description
**soap v0.26.0** (which relies on **xml-crypto v0.8.5**) has a high security vulnerability.
### Steps to Reproduce
`pnpm audit`
OR
`npm audit`
OR
`yarn audit`
### Screenshot…
-
I am trying to install yarn on my computer, but it seems like I am unable to install all of the packages; therefore, when I run `yarn --version`, I get `zsh: command not found`.
cleogao@Cleos-MacBo…
-
Thank you for the excellent tool.
I'm not good at English, so the text might be difficult to read.
Please understand.
### Background
Corepack has a feature that throws an error when a differen…
-
- [ ] Regular Expression Denial of Service (ReDoS)
- [ ] Prototype Pollution
- [ ] fix dev warnings as well
- [ ] install yarn 1.13.0 as dev dependency
- [ ] fix any additional issues `yarn audi…
-
**Describe the solution you'd like**
It'd be nice to actually apply the security framework when building.
**Describe alternatives you've considered**
Ignoring security problems won't help.
-
The following interdependency causes an issue with yarn audit detecting GOT as vulnerable
```
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ Got …
```
-
**Describe the bug**
I can't scan yarn projects
**To Reproduce**
Given the Jenkins pipeline:
```groovy
pipeline {
    agent {
        docker {
            image 'node:16'
        }
    }
    …
```
-
## yarn-deduplicate
- [atlassian/yarn-deduplicate: Deduplication tool for yarn.lock files](https://github.com/atlassian/yarn-deduplicate)
Can this be used to tidy up yarn.lock?
`$ yarn audit` flagged (deep in the dependency tree) pa…
-
For admins, GitHub is displaying the following list of known issues with dependencies of this project. Since this is client-side only, and a "work in progress" project for React components, these aren…
-
**Is your feature request related to a problem? Please describe.**
When working on projects for my clients, I always set up a `pnpm audit && yarn audit` as a blocking step of my CI pipeline to ensur…