-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: update documentation after changes
- Loading branch information
1 parent
3e76991
commit 6d6499e
Showing
1 changed file
with
13 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -114,6 +114,8 @@ success Already up-to-date. | |
| `--symlink` | Symlink type for `node_modules` ref | `junction` for Windows, `dir` otherwise | | | ||
| `--temp` | Directory for temporary assets | `<cwd>/node_modules/.cache/yarn-audit-fix` | | | ||
| `--verbose` | Switch log level to verbose/debug | `false` | | | ||
| `--exclude` | Array of glob patterns of packages to exclude from audit | | | | ||
| `--ignore` | Array of glob patterns of advisory IDs to ignore in the audit report | | | | ||
|
||
### ENV | ||
All mentioned above CLI options can be replaced with the corresponding env variables with leading **YAF** prefix. For example: | ||
|
@@ -338,6 +340,13 @@ yarn add yarn-audit-fix -D --ignore-engines | |
``` | ||
|
||
### Response Code: 400 (Bad Request) | ||
|
||
In some cases **yarn npm audit** fails because the `yarn.lock` file contains a transitive dependency in unreadable format: | ||
``` | ||
'example-dependency': 'npm:[email protected]' | ||
``` | ||
|
||
This will results in: | ||
```shell | ||
invoke yarn npm audit --all --json --recursive | ||
➤ YN0035: Bad Request | ||
|
@@ -347,6 +356,10 @@ invoke yarn npm audit --all --json --recursive | |
``` | ||
https://github.com/yarnpkg/berry/issues/4117 | ||
|
||
A workaround is available using the `exclude` option: | ||
1. Update project **yarn** to >=3.3.0 (lower version doesn't support this parameter for **yarn npm audit**). | ||
2. Apply `npx yarn-audit-fix --exclude example-dependency`. This will cause **yarn** to ignore `example-dependency` while creating the audit report. | ||
|
||
## Contributing | ||
Feel free to open any issues: bugs, feature requests or other questions. | ||
You're always welcome to suggest a PR. Just fork this repo, write some code, add some tests and push your changes. | ||
|