For Good First Issue is a curated list of open source projects that are also digital public goods and need the help of developers.
package-lock.json manifests. Now developers who use Yarn for dependency management will also receive security alerts for any vulnerable dependencies listed in their
- If you have a public repository, you’ll start receiving these alerts automatically—no need to change anything.
- If you have a private repository or if you previously opted out of receiving these alerts, just enable the dependency graph to start receiving alerts.