Justin Hutchings
Director of Product Management for supply chain security. I manage the team that's behind Dependabot, the Advisory Database, and the dependency graph. Twitter: https://twitter.com/jhutchings0
Yarn now supports security alerts for public and private repositories.
GitHub security alerts help developers stay on top of vulnerabilities that impact their dependencies. JavaScript developers already receive alerts for their NPM-based projects that use package.json
and package-lock.json
manifests. Now developers who use Yarn for dependency management will also receive security alerts for any vulnerable dependencies listed in their yarn.lock
manifests.
Learn more about security alerts
See what’s happening at Universe 2025, from experimental dev tools and career coaching to community-powered spaces. Save $400 on your pass with Early Bird pricing.
Delegate coding tasks to Copilot and track progress wherever you are on GitHub. Copilot works in the background, creates a pull request, and tags you for review when finished.
Discover the latest trends and insights on public software development activity on GitHub with the quarterly release of data for the Innovation Graph, updated through March 2025.