-
Is it expected that `yarn audit --production` audit only packages' dependencies for production environments?
If so, it isn't working.
**steps to reproduce**
1. `yarn init -y`
2. `yarn a…
-
`yarn audit` report:
![screenshot_2020-02-28_15-06-31](https://user-images.githubusercontent.com/41773861/75518474-f2b8f780-5a3b-11ea-9508-baeedc5f6dfe.png)
`npx audit-ci -m` report:
![screen…
-
### Self-service
- [ ] I'd be willing to implement a fix
### Describe the bug
If we run audit command with these options
`yarn npm audit --environment production --recursive`
and in yo…
-
With the release of `Dependency-Check` [v6.1.0](https://github.com/jeremylong/DependencyCheck/releases) (and subsequent fixes in v6.1.1), Yarn auditing is supported natively.
In this plugin, the lo…
-
There is no `bun audit` and `bun audit fix` like there is when using npm.
How do we fix vulnerabilities when using bun as package manager? If there is no way to deal with this, we need to switch ba…
-
Issue edited (original content below)
### What happened?
Our GH dependabot seem to be unable to open PRs to fix vulnerable dependencies:
https://github.com/kumahq/kuma-website/security/dependa…
-
### Self-service
- [ ] I'd be willing to implement a fix
### Describe the bug
If I use `yarn dlx -p typescript@5.5.4 build` with this package.json scripts section
```
...
"scripts": {
…
uchar updated
3 weeks ago
-
Hello, I'm trying to install version 9.1.0 on OSX, and this error happends
```
# This file contains the result of Yarn building a package (guetzli@https://github.com/343dev/guetzli-bin.git#commit…
-
**Describe the bug**
Audit did not produce a value Cumulative Layout Shift at all on all URLs on Bitbucket Pipeline. Received NaN
It does successfully execute the x runs on the other URLs, but it …
-
GitHub reports dependency checks on master but not on other branches. For master and release branches such as release_1.7 and release_1.6 (we would manually specify, since we are going only several ve…