What is the most efficient method for examining dependencies in Yarn 2 (berry)?

Is there a way to check for vulnerabilities in Yarn 2 dependencies? In Yarn 1.x, you could run yarn audit, similar to npm audit. However, this command is not available in Yarn 2. According to this issue on the Yarn berry GitHub, it may not be implemented (project maintainers prefer a plugin approach).

I attempted to use npm install --package-lock-only && npm audit, but it encountered issues with my local packages listed as link: in package.json.

Building a plugin wouldn't be difficult, although it's more fun to simply install something and move on with my day. I've searched but keep coming across outdated repositories.

Could there be an undocumented method or trick I'm missing? That's why I'm asking :)

As a workaround, I can temporarily remove the local packages using link: while running npm install and npm audit, but automating this process for CI isn't ideal.

Answer №1

Latest Update (28-Oct-2020):
Exciting news - Yarn 2 has finally incorporated the highly anticipated yarn npm audit feature!

Pull Request - https://github.com/yarnpkg/berry/pull/1893
Check out the Documentation here - https://yarnpkg.com/cli/npm/audit


In my recent exploration of Yarn 2, I came across an interesting tool called @efrem/auditdeps:

yarn dlx @efrem/auditdeps [--level=(low|moderate|high|critical)] [--production]

Although the output may not be as visually appealing as with npm audit, you do get more comprehensive details in JSON format which can easily be manipulated or piped to other tools for further analysis according to your requirements.

Answer №2

If you're looking to kickstart your daily runs, consider giving a try. While it may not be free for large commercial teams, it can still help you get started on your journey.

(Just to clarify, I have no affiliation with Snyk.io)
