yarnpkg / yarn

The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
https://classic.yarnpkg.com

Yarn audit suddenly stopped auditing packages #9054

Closed yoieh closed 1 month ago

yoieh commented 1 month ago

This worked fine yesterday but today audit stopped working on any project I tried to audit...

0 vulnerabilities found - Packages audited: 0


Recreate

yarn version: v1.22.21
node version: v20.11.1
The same results on Mac and Ubuntu

Results in:

yarn audit v1.22.21
0 vulnerabilities found - Packages audited: 0
✨  Done in 0.47s.

verbose log

yarn audit --verbose

yarn-audit.log

mnikolaus commented 1 month ago

The same issue with yarn 1.22.19, node 18.17.1.

yoieh commented 1 month ago

Might be something bigger... tested an audit with npm as well but no vulnerabilities are found when I have installed packages that should have a known vulnerability. 🤔

yoieh commented 1 month ago

My guess is that yarn audit uses NPM's Security Audit just like npm audit. There's something wrong with Security Audit even though it's up and running according to the status page: https://status.npmjs.org/. I created a support ticket at https://www.npmjs.com/support since this feels like a bigger issue :)

Leaving this open for others to see until it gets fixed.

yoieh commented 1 month ago

This has now been fixed by npm 😄
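
Added example, not part of the thread and not yarn's own code: the run reported above printed "0 vulnerabilities found - Packages audited: 0" and still finished with "Done", so a pipeline that only looks for reported vulnerabilities would treat it as clean. The sketch below treats an audit that covered zero packages while yarn.lock lists dependencies as a failed check; the function names and sample inputs are constructed for illustration.

```javascript
// Added example (not yarn's code). Inputs below are constructed for illustration.
const BROKEN_OUTPUT = [
  "yarn audit v1.22.21",
  "0 vulnerabilities found - Packages audited: 0",
].join("\n");
const HEALTHY_OUTPUT = [
  "yarn audit v1.22.21",
  "0 vulnerabilities found - Packages audited: 2",
].join("\n");
// Trimmed yarn.lock v1 sample: two entries, resolved/integrity lines omitted.
const SAMPLE_LOCK = [
  "# yarn lockfile v1",
  "",
  '"@babel/core@^7.0.0", "@babel/core@^7.1.0":',
  '  version "7.1.0"',
  "",
  "lodash@^4.17.20:",
  '  version "4.17.21"',
].join("\n");

// Parse the summary line yarn 1.x prints at the end of `yarn audit`.
function parseAuditSummary(output) {
  const m = /(\d+) vulnerabilit(?:y|ies) found - Packages audited: (\d+)/.exec(output);
  if (!m) return null; // no summary: the audit did not complete
  return { vulnerabilities: Number(m[1]), audited: Number(m[2]) };
}

// Count yarn.lock v1 entries: unindented, non-comment lines ending in ":".
function countLockfileEntries(lockText) {
  return lockText.split(/\r?\n/).filter((l) => /^[^\s#].*:$/.test(l)).length;
}

// Verdict for CI: an audit that covered nothing is a failed check, not a pass.
function evaluateAudit(output, lockText) {
  const summary = parseAuditSummary(output);
  const locked = countLockfileEntries(lockText);
  if (summary === null) return { ok: false, reason: "no audit summary in output" };
  if (summary.audited === 0 && locked > 0) {
    return { ok: false, reason: `0 packages audited, yarn.lock has ${locked} entries` };
  }
  if (summary.vulnerabilities > 0) {
    return { ok: false, reason: `${summary.vulnerabilities} vulnerabilities found` };
  }
  return { ok: true, reason: `${summary.audited} packages audited` };
}

console.log(evaluateAudit(BROKEN_OUTPUT, SAMPLE_LOCK));
console.log(evaluateAudit(HEALTHY_OUTPUT, SAMPLE_LOCK));
```

In a pipeline, the captured text of `yarn audit` and the contents of yarn.lock would replace the constructed samples, and a result with `ok: false` would fail the job.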