Skip to content

Yarn support for security alerts

Yarn now supports security alerts for public and private repositories.

Yarn support for security alerts
Author

GitHub security alerts help developers stay on top of vulnerabilities that impact their dependencies. JavaScript developers already receive alerts for their NPM-based projects that use package.json and package-lock.json manifests. Now developers who use Yarn for dependency management will also receive security alerts for any vulnerable dependencies listed in their yarn.lock manifests.

Example security alerts

How to enable security alerts for Yarn

  • If you have a public repository, you’ll start receiving these alerts automatically—no need to change anything.
  • If you have a private repository or if you previously opted out of receiving these alerts, just enable the dependency graph to start receiving alerts.

Learn more about security alerts

Explore more from GitHub

Open Source

Open Source

Gaming, Git, new releases, and more.
The ReadME Project

The ReadME Project

Stories and voices from the developer community.
GitHub Copilot

GitHub Copilot

Don't fly solo. Try 30 days for free.
Work at GitHub!

Work at GitHub!

Check out our current job openings.