IBM/audit-ci
Audit NPM, Yarn, PNPM, and Bun dependencies in continuous integration environments, preventing integration if vulnerabilities are found at or above a configurable threshold while ignoring allowlisted advisories
Apache License 2.0
264 stars, 42 forks
issues
Bug: Does not work with bun
#344
Sukaato
closed
1 month ago
0
Tests failing when adding expiry to CVE.
#343
becker-finstreet
opened
2 months ago
0
fix: braces audit
#342
quinnturner
closed
2 months ago
0
Try yargs import
#341
quinnturner
closed
2 months ago
0
SyntaxError: The requested module 'yargs/yargs' does not provide an export named 'default'
#340
afdev82
closed
2 months ago
3
chore(deps-dev): bump braces from 3.0.2 to 3.0.3
#339
dependabot[bot]
closed
2 months ago
1
Bump audit-types to support Yarn v4
#338
quinnturner
closed
3 months ago
0
chore(deps): bump chownr from 1.0.0 to 1.1.0 in /test/yarn-4-low
#337
dependabot[bot]
closed
3 months ago
1
chore(deps): bump qs from 6.10.2 to 6.10.3 in /test/yarn-4-workspace/packages/yarn-high
#336
dependabot[bot]
closed
3 months ago
1
fix: add hideBin(process.argv) #334
#335
quinnturner
closed
3 months ago
0
v7 ignores command line arguments
#334
hwo411
closed
3 months ago
2
Update README.md
#333
quinnturner
closed
4 months ago
0
Support Yarn v4
#332
mistaecko
opened
4 months ago
6
chore(deps): bump undici from 5.19.1 to 5.28.4 in /test/yarn-moderate
#331
dependabot[bot]
closed
4 months ago
1
chore(deps-dev): bump vite from 5.0.7 to 5.2.8
#330
dependabot[bot]
closed
4 months ago
1
chore(deps): bump follow-redirects, axios and github-build in /test/npm-allowlisted-path
#329
dependabot[bot]
closed
4 months ago
1
chore(deps): bump axios from 0.15.3 to 0.28.0 in /test/npm-allowlisted-path
#328
dependabot[bot]
closed
6 months ago
1
chore(deps): bump undici from 5.19.1 to 5.28.3 in /test/yarn-moderate
#327
dependabot[bot]
closed
5 months ago
1
chore(deps-dev): bump vite from 5.0.7 to 5.0.12
#326
dependabot[bot]
closed
5 months ago
1
CI commands fail because no version 7
#325
DominicGBauer
closed
4 months ago
1
chore(deps): bump follow-redirects, axios and github-build in /test/npm-allowlisted-path
#324
dependabot[bot]
closed
6 months ago
1
fix: auditer -> auditor
#323
quinnturner
closed
9 months ago
0
fix: dist/bin.js path
#322
quinnturner
closed
9 months ago
0
Fix audits
#321
quinnturner
closed
9 months ago
0
Bun test runner
#320
quinnturner
closed
9 months ago
0
BREAKING: Require Node 18, support ESM and CJS
#319
quinnturner
closed
9 months ago
0
The audit report format changed?
#318
alexanderameye
closed
1 year ago
2
fix: fix types export in package.json
#317
kyletsang
closed
9 months ago
0
chore(deps): bump @builder.io/qwik from 0.16.1 to 0.21.0 in /test/yarn-moderate
#316
dependabot[bot]
closed
9 months ago
1
Replace event-stream with something secure and supported
#315
jeremywadsack
closed
4 months ago
4
fix: sort all outputs for cleanliness and consistency
#314
quinnturner
closed
1 year ago
0
chore: Add tslib dependency for smaller size
#313
quinnturner
closed
1 year ago
0
chore(deps): bump @builder.io/qwik from 0.16.1 to 0.16.2 in /test/yarn-moderate
#312
dependabot[bot]
closed
1 year ago
1
Support ESM
#311
quinnturner
closed
1 year ago
0
[BREAKING] Remove printing audit-ci version
#310
quinnturner
closed
1 year ago
0
feat: Improved CLI support and TypeScript tests & migrate to PNPM
#309
quinnturner
closed
1 year ago
0
packages starting with "@" are not working in allowlist
#308
WhatIfWeDigDeeper
closed
1 year ago
2
Release 6.6.1
#307
quinnturner
closed
1 year ago
0
fix(#301): Handle JSONStream.parse() errors more gracefully
#306
quinnturner
closed
1 year ago
0
Add files for Yarn 3
#305
quinnturner
closed
4 months ago
0
Update README.md for improved docs on extra-args
#304
quinnturner
closed
1 year ago
0
chore: Release 6.6.0
#303
quinnturner
closed
1 year ago
0
Tests should include all major Yarn versions
#302
sargunv
closed
4 months ago
2
Handle errors from Yarn Berry more gracefully
#301
sargunv
closed
1 year ago
2
Add `--extra-args` to fix #298
#300
sargunv
closed
1 year ago
6
chore(deps): bump json5 from 1.0.1 to 1.0.2
#299
dependabot[bot]
closed
1 year ago
0
Support Yarn's `--exclude`
#298
sargunv
closed
1 year ago
2
[BREAKING] feat: Improved scripting support and TypeScript tests
#297
quinnturner
closed
1 year ago
0
Add ignore to linguist for Yarn Berry
#296
quinnturner
closed
1 year ago
0
Update CircleCI base image
#295
quinnturner
closed
1 year ago
0