Skip to content

Commit

Permalink
chore: update documentation after changes
Browse files Browse the repository at this point in the history
  • Loading branch information
OrRosenblatt authored and antongolub committed Oct 26, 2024
1 parent 3e76991 commit 6d6499e
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,8 @@ success Already up-to-date.
| `--symlink` | Symlink type for `node_modules` ref | `junction` for Windows, `dir` otherwise | |
| `--temp` | Directory for temporary assets | `<cwd>/node_modules/.cache/yarn-audit-fix` | |
| `--verbose` | Switch log level to verbose/debug | `false` | |
| `--exclude` | Array of glob patterns of packages to exclude from audit | | |
| `--ignore` | Array of glob patterns of advisory IDs to ignore in the audit report | | |

### ENV
All mentioned above CLI options can be replaced with the corresponding env variables with leading **YAF** prefix. For example:
Expand Down Expand Up @@ -338,6 +340,13 @@ yarn add yarn-audit-fix -D --ignore-engines
```

### Response Code: 400 (Bad Request)

In some cases **yarn npm audit** fails because the `yarn.lock` file contains a transitive dependency in unreadable format:
```
'example-dependency': 'npm:[email protected]'
```

This will results in:
```shell
invoke yarn npm audit --all --json --recursive
➤ YN0035: Bad Request
Expand All @@ -347,6 +356,10 @@ invoke yarn npm audit --all --json --recursive
```
https://github.com/yarnpkg/berry/issues/4117

A workaround is available using the `exclude` option:
1. Update project **yarn** to >=3.3.0 (lower version doesn't support this parameter for **yarn npm audit**).
2. Apply `npx yarn-audit-fix --exclude example-dependency`. This will cause **yarn** to ignore `example-dependency` while creating the audit report.

## Contributing
Feel free to open any issues: bugs, feature requests or other questions.
You're always welcome to suggest a PR. Just fork this repo, write some code, add some tests and push your changes.
Expand Down

0 comments on commit 6d6499e

Please sign in to comment.