Quinn Turner

Results 55 comments of Quinn Turner

I don't think that's `v2.1.0` since `readline-transform` was not a dependency at that stage.

Hmm, I checked the build you sent and its output is unexpected:

```
Yarn audit report results: Passed yarn security audit.
```

Running locally, I get something like: ``` Yarn...

It seems that this is only happening with Yarn. I am not sure of the issue yet. Can someone who has reproduced this error run `yarn audit --json`? If you...

@jzsplk Thanks for the report. Can you attach your dependencies or run `yarn audit --json` and post it here?

This issue is certainly the biggest blocker to workflows for this project. Using `{npm|yarn} audit --json` on a project with _many_ advisories and advisory paths can make the program hang...

@vctormb Try refreshing your `yarn.lock`/`package-lock.json` (`rm yarn.lock && rm -rf ./node_modules && yarn`). You likely have too many existing transitive dependencies that are outdated that have vulnerabilities.

Hi @khaleksa, My current understanding of this problem is that you have too many vulnerabilities when performing npm audit. It _might_ have to do with a circular reference, but I...

Hey @crypto-matto, thanks for the report. What's the result when you use this command?

```sh
yarn npm audit --recursive --json --all
```

Thanks for the feedback! I see no reason why we can't support a similar `nsprc` file format (at least, within the already existing `allowlist` array). ```json "allowlist": [ "GHSA-42xw-2xvc-qx8m", "GHSA-rp65-9cf3-cjxr":...

Thanks for filing this feature request 😄 I am open to improved reporting types and agree that the table format is more readable. Here is Yarn's implementation of the console...