July 2, 2019

Yarn support for security alerts

Justin Hutchings

GitHub security alerts help developers stay on top of vulnerabilities that impact their dependencies. JavaScript developers already receive alerts for their NPM-based projects that use package.json and package-lock.json manifests. Now developers who use Yarn for dependency management will also receive security alerts for any vulnerable dependencies listed in their yarn.lock manifests.

How to enable security alerts for Yarn

If you have a public repository, you’ll start receiving these alerts automatically—no need to change anything.
If you have a private repository or if you previously opted out of receiving these alerts, just enable the dependency graph to start receiving alerts.

Learn more about security alerts

Join us at GitHub Universe

Our largest product and community conference is returning to the Palace of Fine Arts in San Francisco, November 13-14. Hear what's next for the GitHub platform, find inspiration for your next project, and connect with developers who are changing the world.

Get tickets

GitHub Actions now supports CI/CD

GitHub Actions makes it easier to automate how you build, test, and deploy your projects on any platform, including Linux, macOS, and Windows. Try out the beta before GitHub Actions is generally available on November 13.

How to enable security alerts for Yarn

Save time linking resources with autolink references

How partners like GitKraken use GitHub Actions

Streamline your workflow with GitHub Actions from open source maintainers

Join us at GitHub Universe

GitHub Actions now supports CI/CD