osv-scanner

Scan and report dependency groups of vulnerabilities for Yarn

Open Ais8Ooz8 opened this issue 1 year ago • 4 comments

Need the same mechanism as https://github.com/google/osv-scanner/pull/655, using dependencies and devDependencies from package.json.

Ais8Ooz8, Feb 13 '24 10:02

@Ais8Ooz8 thank you for your feedback!

For Yarn, devDependencies are specified in package.json and osv-scanner currently scans yarn.lock for vulnerabilities. We can report dependency groups for Yarn once we support scanning package.json.

cuixq, Feb 14 '24 06:02
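
Added example (not part of the thread and not osv-scanner code): a sketch of why yarn.lock alone cannot yield dependency groups, and how reading package.json alongside it lets each locked package be tagged, including transitive ones. The function names, the `prod`/`dev` labels and the sample data are assumptions made for illustration, and only the Yarn v1 lock format is handled.

```javascript
// Constructed sample inputs: package names and versions are made up.
const PACKAGE_JSON = `{ "dependencies": { "shared-util": "^1.0.0" },
  "devDependencies": { "test-runner": "^1.0.0" } }`;
const YARN_LOCK = `# yarn lockfile v1
"@tools/reporter@^3.0.0":
  version "3.0.1"
shared-util@^1.0.0:
  version "1.4.0"
test-runner@^1.0.0:
  version "1.2.3"
  dependencies:
    "@tools/reporter" "^3.0.0"
    shared-util "^1.0.0"`;
// Parse Yarn v1 lock text into Map("name@range" -> { name, version, deps }).
function parseYarnLockV1(text) {
  const byDescriptor = new Map();
  let entry, inDeps = false;
  for (const line of text.split(/\r?\n/)) {
    const body = line.trim(), indent = line.search(/\S/);
    if (!body || body.startsWith('#')) continue;
    if (indent === 0) {                  // entry header: "a@^1.0.0, a@^1.2.0:"
      const ds = body.slice(0, -1).split(',').map((s) => s.trim().replace(/^"|"$/g, ''));
      entry = { name: ds[0].slice(0, ds[0].lastIndexOf('@')), version: '', deps: [] };
      for (const d of ds) byDescriptor.set(d, entry);
    } else if (indent === 2) {           // field line, possibly opening a dependency block
      inDeps = /^(optionalD|d)ependencies:$/.test(body);
      if (body.startsWith('version ')) entry.version = body.slice(8).replace(/"/g, '');
    } else if (inDeps) {                 // `name "range"` becomes the descriptor name@range
      entry.deps.push(body.replace(/"/g, '').replace(' ', '@'));
    }
  }
  return byDescriptor;
}
// Walk the lock graph from each package.json field: Map("name@version" -> Set of groups).
function dependencyGroups(pkgJsonText, lockText) {
  const manifest = JSON.parse(pkgJsonText), lock = parseYarnLockV1(lockText), out = new Map();
  for (const [field, group] of [['dependencies', 'prod'], ['devDependencies', 'dev']]) {
    const todo = Object.entries(manifest[field] || {}).map(([n, r]) => `${n}@${r}`);
    while (todo.length) {
      const e = lock.get(todo.pop()), key = e && `${e.name}@${e.version}`;
      if (!e || out.get(key)?.has(group)) continue; // not in the lock, or already tagged
      out.set(key, (out.get(key) || new Set()).add(group));
      todo.push(...e.deps);
    }
  }
  return out;
}
for (const [pkg, gs] of dependencyGroups(PACKAGE_JSON, YARN_LOCK)) console.log(pkg, [...gs].join(','));
```

A package tagged only `dev` (here `@tools/reporter`) is reachable solely through devDependencies, while `shared-util` carries both tags and so cannot be treated as dev-only when triaging a finding.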

Up

Ais8Ooz8, May 21 '24 19:05

Related issue to support manifest scanning: https://github.com/google/osv-scanner/issues/416

cuixq, Jun 03 '24 01:06

This issue has not had any activity for 60 days and will be automatically closed in two weeks

github-actions[bot], Aug 02 '24 01:08