Skip to content
This repository has been archived by the owner on Apr 4, 2022. It is now read-only.
/ auditdeps Public archive

Audit dependencies in Yarn 2 (berry) projects

License

MIT license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MrEfrem/auditdeps

BranchesTags

Repository files navigation

Audit dependencies in Yarn 2 (berry) projects

Using

Yarn 2 (berry)

yarn dlx @efrem/auditdeps [--level=(low|moderate|high|critical)] [--production] [--ignore-cwe=cwe-126] [--ignore-cwe=cwe-] [--ignore-cwe=cwe-79]

Npm

npx @efrem/auditdeps [--level=(low|moderate|high|critical)] [--production] [--ignore-cwe=cwe-126] [--ignore-cwe=cwe-] [--ignore-cwe=cwe-79]

  • --level is optional and by default all vulneravilities shown. But if it's set then shown only vulnerabilities of selected level or higher.

  • --production is optional and by default all packages are verifying. When it's set only packages from dependencies section are verified.

  • --ignore-cwe is optional and by default any found vulnerability leads the command exits with code 1. Buf if it's set and if all found vulnerabilities are ignored then the command exits with code 0.

Development

VSCode

  • Setup (https://yarnpkg.com/advanced/editor-sdks#vscode)

    • Open this project directly otherwise you should add to VSCode Workspace settings.json:
    "typescript.tsdk": "<current directory name>/.yarn/sdks/typescript/lib"
    • Press ctrl+shift+p in a TypeScript file
    • Choose "Select TypeScript Version"
    • Pick "Use Workspace Version"

About

Audit dependencies in Yarn 2 (berry) projects

Topics

yarn berry

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 3

New command argument Latest
Sep 17, 2020
+ 2 releases

Packages

No packages published

Languages