Yarn support for security alerts

GitHub security alerts help developers stay on top of vulnerabilities that impact their dependencies. JavaScript developers already receive alerts for their NPM-based projects that use package.json and package-lock.json manifests. Now developers who use Yarn for dependency management will also receive security alerts for any vulnerable dependencies listed in their yarn.lock manifests.

How to enable security alerts for Yarn

If you have a public repository, you’ll start receiving these alerts automatically—no need to change anything.
If you have a private repository or if you previously opted out of receiving these alerts, just enable the dependency graph to start receiving alerts.

Learn more about security alerts

Tags:

features

More on features

Responsible AI pair programming with GitHub Copilot

GitHub Copilot boosts developer productivity, but using it responsibly still requires good developer and DevSecOps practices.

Colin Dembovsky

Unboxing fork improvements

We’re always trying to improve the GitHub developer experience in meaningful ways, and we love learning from our customers. In the last several months we released several new fork capabilities, and we’re publishing revised fork documentation that gives more details with clearer explanations to make fork concepts easier to understand.

Jamie Strusz

Math support in Markdown

Mathematical expressions are key to information sharing amongst engineers, scientists, data scientists, and mathematicians. Today we are pleased to announce that math expressions can be rendered in Markdown on GitHub using $$ as a delimiter for code blocks with math content or the $ delimiter for inline math expressions.

Martin Woodward & Tali Herzka

Explore more from GitHub