Scan and report dependency groups of vulnerabilities for Yarn #799

Open
Ais8Ooz8 opened this issue Feb 13, 2024 · 2 comments
@Ais8Ooz8

Need the same mechanism #655 using dependencies and devDependencies from package.json

@cuixq cuixq self-assigned this Feb 14, 2024
@cuixq cuixq added the enhancement New feature or request label Feb 14, 2024
@cuixq
Contributor

cuixq commented Feb 14, 2024

@Ais8Ooz8 thank you for your feedback!

For Yarn, devDependencies are specified in package.json and osv-scanner currently scans yarn.lock for vulnerabilities. We can report dependency groups for Yarn once we support scanning package.json.
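
The gap described in the comment above, as an added example that is not part of the thread and is not osv-scanner code: a yarn.lock (v1 format) entry has no prod/dev marker, so the group has to be derived by walking the lockfile graph from the `dependencies` and `devDependencies` lists in package.json. The function names `parseYarnLock` and `dependencyGroups`, the package names, and the labels `prod`, `dev` and `unreferenced` are assumptions made for this sketch.

```javascript
// Added example, not osv-scanner code. Inputs are constructed; package names are made up.
const PACKAGE_JSON = '{"dependencies":{"web-lib":"^4.18.0"},"devDependencies":{"test-runner":"^29.0.0"}}';
const YARN_LOCK = `
web-lib@^4.18.0:
  version "4.18.2"
  dependencies:
    logger "2.6.9"
logger@2.6.9, logger@^2.6.0:
  version "2.6.9"
test-runner@^29.0.0:
  version "29.7.0"
  dependencies:
    logger "^2.6.0"
`;
// Map every "name@range" specifier in a yarn.lock (v1 format) to its entry.
function parseYarnLock(text) {
  const bySpec = new Map();
  let entry = null, inDeps = false;
  for (const line of text.split("\n")) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) { // entry header: one or more specifiers
      const specs = line.replace(/:$/, "").split(",").map((s) => s.trim().replace(/"/g, ""));
      entry = { name: specs[0].slice(0, specs[0].lastIndexOf("@")), version: null, deps: [] };
      specs.forEach((s) => bySpec.set(s, entry));
      inDeps = false;
    } else if (/^  \S/.test(line)) { // two-space field of the current entry
      const v = /^  version "(.+)"$/.exec(line);
      if (v) entry.version = v[1];
      inDeps = /^  (optionalDependencies|dependencies):$/.test(line);
    } else if (inDeps) { // four-space `name "range"` line
      const d = /^"?([^"\s]+)"? "?([^"]+)"?$/.exec(line.trim());
      if (d) entry.deps.push(`${d[1]}@${d[2]}`);
    }
  }
  return bySpec;
}
// Label each locked package; assumed convention: dependencies win over devDependencies.
function dependencyGroups(pkgJson, lockText) {
  const pkg = JSON.parse(pkgJson), lock = parseYarnLock(lockText);
  const reach = (specs, seen = new Set()) => {
    for (const e of specs.map((s) => lock.get(s)))
      if (e && !seen.has(e)) { seen.add(e); reach(e.deps, seen); }
    return seen;
  };
  const roots = (o) => Object.entries(o || {}).map(([n, r]) => `${n}@${r}`);
  const prod = reach(roots(pkg.dependencies)), dev = reach(roots(pkg.devDependencies));
  const group = (e) => (prod.has(e) ? "prod" : dev.has(e) ? "dev" : "unreferenced");
  return Object.fromEntries([...new Set(lock.values())].map((e) => [`${e.name}@${e.version}`, group(e)]));
}
```

In the sample, `logger` is pulled in by both the runtime and the dev root, so it is labelled `prod`; a finding in a package labelled `dev` affects only development tooling.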

@Ais8Ooz8
Author

Up
