
For Good First Issue: Introducing a new way to contribute
For Good First Issue is a curated list of open source projects that are also digital public goods and need the help of developers.
Yarn now supports security alerts for public and private repositories.
GitHub security alerts help developers stay on top of vulnerabilities that impact their dependencies. JavaScript developers already receive alerts for their NPM-based projects that use package.json
and package-lock.json
manifests. Now developers who use Yarn for dependency management will also receive security alerts for any vulnerable dependencies listed in their yarn.lock
manifests.