globocom / huskyCI

Performing security tests inside your CI
https://huskyci.opensource.globo.com
BSD 3-Clause "New" or "Revised" License

Run Yarn Audit on all Yarn.lock files #427

Open Krlier opened 4 years ago

Krlier commented 4 years ago

It's possible for a project to have more than one Yarn.lock file, which is not contemplated by huskyCI nowadays, as only the root directory is being searched for the file.

It would be nice if huskyCI could verify the whole project for all the existing Yarn.lock files and analyze them all.

rafaveira3 commented 4 years ago

Great catch, @Krlier! That can indeed happen. We will work on this one soon. Stay tuned! 🚀
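The behaviour requested in this issue, sketched as an added example that is not huskyCI's code: walk the whole checkout, run the audit once per directory that holds a `yarn.lock`, and fail if any of them reports findings. It assumes Yarn 1 (`yarn audit --json`); `AUDIT_CMD`, the function names and the report layout are hypothetical.

```shell
#!/bin/sh
# Added example: audit every yarn.lock in a checkout, not only the root one.
# AUDIT_CMD is a hypothetical override so the loop can be exercised without Yarn.
AUDIT_CMD="${AUDIT_CMD:-yarn audit --json}"

# Print each directory that holds a yarn.lock, skipping vendored copies
# under node_modules and VCS metadata under .git.
find_yarn_locks() {
    find "$1" \( -name node_modules -o -name .git \) -prune \
        -o -type f -name yarn.lock -print |
        sed 's|/yarn\.lock$||' | LC_ALL=C sort
}

# Run the audit in every lockfile directory and keep one report per directory.
# Returns 0 only if every audit exited 0; a non-zero exit from the audit
# command (findings or an error) marks the whole run as failed.
audit_all() {
    root="$1"; outdir="$2"; failed=0
    mkdir -p "$outdir"
    find_yarn_locks "$root" > "$outdir/lockdirs.txt"
    while IFS= read -r dir; do
        rel=${dir#"$root"}; rel=${rel#/}
        report="$outdir/$(printf '%s' "${rel:-root}" | tr '/' '_').json"
        rc=0
        ( cd "$dir" && $AUDIT_CMD ) > "$report" 2>&1 </dev/null || rc=$?
        if [ "$rc" -ne 0 ]; then
            echo "audit failed (exit $rc): $dir" >&2
            failed=1
        fi
    done < "$outdir/lockdirs.txt"
    return "$failed"
}

# Stand-alone use: ./audit-all.sh <repo-root> [report-dir]
if [ "$#" -gt 0 ]; then
    audit_all "$1" "${2:-audit-reports}"
    exit $?
fi
```

Pruning `node_modules` matters here: installed packages often ship their own lockfiles, and auditing those would report on dependency trees the project never resolves.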