Scan and report dependency groups of vulnerabilities for Yarn #799

Ais8Ooz8 · 2024-02-13T10:01:25Z

Need the same mechanism #655 using dependencies and devDependencies from package.json

cuixq · 2024-02-14T06:08:45Z

@Ais8Ooz8 thank you for your feedback!

For Yarn, devDependencies are specified in pacakge.json and osv-scanner currently scans yarn.lock for vulnerabilities. We can report dependency groups for Yarn once we support scanning package.json.

Ais8Ooz8 · 2024-05-21T19:39:00Z

Up

cuixq · 2024-06-03T01:05:22Z

Related issue to support manifest scanning: #416

github-actions · 2024-08-02T01:26:53Z

This issue has not had any activity for 60 days and will be automatically closed in two weeks

cuixq self-assigned this Feb 14, 2024

cuixq added the enhancement New feature or request label Feb 14, 2024

cuixq removed their assignment Jun 3, 2024

github-actions bot added the stale The issue or PR is stale and pending automated closure label Aug 2, 2024

oliverchang added backlog Important but currently unprioritized and removed stale The issue or PR is stale and pending automated closure labels Aug 2, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Scan and report dependency groups of vulnerabilities for Yarn #799

Scan and report dependency groups of vulnerabilities for Yarn #799

Ais8Ooz8 commented Feb 13, 2024

cuixq commented Feb 14, 2024

Ais8Ooz8 commented May 21, 2024

cuixq commented Jun 3, 2024

github-actions bot commented Aug 2, 2024

Scan and report dependency groups of vulnerabilities for Yarn #799

Scan and report dependency groups of vulnerabilities for Yarn #799

Comments

Ais8Ooz8 commented Feb 13, 2024

cuixq commented Feb 14, 2024

Ais8Ooz8 commented May 21, 2024

cuixq commented Jun 3, 2024

github-actions bot commented Aug 2, 2024