Yarn support for security alerts

GitHub security alerts help developers stay on top of vulnerabilities that impact their dependencies. JavaScript developers already receive alerts for their NPM-based projects that use package.json and package-lock.json manifests. Now developers who use Yarn for dependency management will also receive security alerts for any vulnerable dependencies listed in their yarn.lock manifests.

How to enable security alerts for Yarn

If you have a public repository, you’ll start receiving these alerts automatically—no need to change anything.
If you have a private repository or if you previously opted out of receiving these alerts, just enable the dependency graph to start receiving alerts.

Learn more about security alerts

Tags:

features

Introducing the new GitHub Issues

Announcing new beta features for GitHub Issues for better planning and tracking of your projects in GitHub, including project tables, task lists, and issue forms.

Mario Rodriguez

GitHub Packages Container registry is generally available

Throughout the beta, we added features to improve the experience of using the Container registry. Today, we’re excited to announce that the Container registry is generally available as part of GitHub Packages!

Nilofer Rajpurkar

GitHub Desktop supports hiding whitespace, expanding diffs, and creating repository aliases

GitHub Desktop 2.8 now includes several new features to make it easier to work with diffs and easier for people who have multiple copies of the same repository. Expand diffs…

Billy Griffin

Yarn support for security alerts

How to enable security alerts for Yarn

Related posts

How we’re using projects to build projects

GitHub Achieves ISO/IEC 27001:2013 Certification!

Open Source Monthly – May 2022 Edition