• Features
  • Open source
  • Product
  • Security

    • Yarn support for security alerts

    Image of Justin Hutchings

    Justin Hutchings

    GitHub security alerts help developers stay on top of vulnerabilities that impact their dependencies. JavaScript developers already receive alerts for their NPM-based projects that use package.json and package-lock.json manifests. Now developers who use Yarn for dependency management will also receive security alerts for any vulnerable dependencies listed in their yarn.lock manifests.

    Example security alerts

    How to enable security alerts for Yarn

    • If you have a public repository, you’ll start receiving these alerts automatically—no need to change anything.
    • If you have a private repository or if you previously opted out of receiving these alerts, just enable the dependency graph to start receiving alerts.

    Learn more about security alerts

    Related posts

    See what launched at GitHub Universe

    Missed the main event? Learn more about everything that launched at GitHub Universe, from GitHub for mobile and a redesigned notifications experience to the GitHub Archive Program.

    Read the day one keynote recap

    Secure the world's code, together

    On day two of GitHub Universe, we announced GitHub Security Lab, bringing together security researchers, maintainers, and companies across the industry to secure open source.

    Read the day two keynote recap