Open Ais8Ooz8 opened 8 months ago
@Ais8Ooz8 thank you for your feedback!
For Yarn, devDependencies are specified in package.json and osv-scanner currently scans yarn.lock for vulnerabilities. We can report dependency groups for Yarn once we support scanning package.json.
Up
Related issue to support manifest scanning: https://github.com/google/osv-scanner/issues/416
This issue has not had any activity for 60 days and will be automatically closed in two weeks.
Need the same mechanism https://github.com/google/osv-scanner/pull/655 using dependencies and devDependencies from package.json
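The thread's point, that yarn.lock alone does not say which packages are dev-only and package.json is needed to tell, shown as an added example (not osv-scanner code and not from any commenter). It assumes the Yarn v1 (classic) lockfile layout; the function names and the sample package names are hypothetical.

```javascript
// Constructed sample inputs (not from a real project).
const PACKAGE_JSON = '{"dependencies":{"left-pad":"^1.3.0"},"devDependencies":{"jest-lite":"^2.0.0"}}';
const YARN_LOCK = ['jest-lite@^2.0.0:', '  version "2.0.1"', '  dependencies:',
  '    left-pad "^1.3.0"', '    tiny-diff "^0.4.0"', '', 'left-pad@^1.3.0:',
  '  version "1.3.0"', '', 'tiny-diff@^0.4.0:', '  version "0.4.2"'].join("\n");

// Parse Yarn v1 (classic) lockfile text into Map(descriptor -> entry).
function parseYarnLockV1(text) {
  const entries = new Map();
  let cur = null, inDeps = false;
  for (const line of text.split("\n")) {
    if (!line.trim() || line.startsWith("#")) continue;
    const indent = line.length - line.trimStart().length;
    const [key, ...rest] = line.trim().replace(/"/g, "").split(/\s+/);
    if (indent === 0) {            // header: "name@range"[, "name@range"]:
      cur = { version: null, deps: [] };
      for (const d of line.replace(/:\s*$/, "").split(","))
        entries.set(d.trim().replace(/"/g, ""), cur);
    } else if (indent === 2) {     // field of the current entry
      inDeps = key === "dependencies:";
      if (key === "version") cur.version = rest[0];
    } else if (inDeps) cur.deps.push(`${key}@${rest.join(" ")}`);
  }
  return entries;
}

// Every lockfile entry reachable from one package.json section.
function reachable(entries, section = {}) {
  const seen = new Set();
  const stack = Object.entries(section).map(([n, r]) => `${n}@${r}`);
  while (stack.length) {
    const e = entries.get(stack.pop());
    if (e && !seen.has(e)) { seen.add(e); stack.push(...e.deps); }
  }
  return seen;
}

// "prod" if reachable from dependencies, "dev" if only from devDependencies.
function dependencyGroups(packageJsonText, yarnLockText) {
  const manifest = JSON.parse(packageJsonText);
  const entries = parseYarnLockV1(yarnLockText);
  const prod = reachable(entries, manifest.dependencies);
  const dev = reachable(entries, manifest.devDependencies);
  const groups = {};
  for (const [desc, e] of entries) {
    const id = `${desc.slice(0, desc.indexOf("@", 1))}@${e.version}`;
    groups[id] = prod.has(e) ? "prod" : dev.has(e) ? "dev" : "unknown";
  }
  return groups;
}
```

Note that left-pad is pulled in by the dev tool as well but stays in the "prod" group, because a package reachable from dependencies ships regardless of who else requires it.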