Yarn support for security alerts
Yarn now supports security alerts for public and private repositories.
![](https://github.blog/wp-content/uploads/2019/07/yarnlockarbitrary9.png?resize=1208%2C625)
GitHub security alerts help developers stay on top of vulnerabilities that impact their dependencies. JavaScript developers already receive alerts for their npm-based projects that use `package.json` and `package-lock.json` manifests. Now developers who use Yarn for dependency management will also receive security alerts for any vulnerable dependencies listed in their `yarn.lock` manifests.
How to enable security alerts for Yarn
- If you have a public repository, you’ll start receiving these alerts automatically—no need to change anything.
- If you have a private repository or if you previously opted out of receiving these alerts, just enable the dependency graph to start receiving alerts.
Learn more about security alerts