Yarn 4+ audit wrapper compatible with improved-yarn-audit configuration
`npm install @og_soft/yarn-audit-wrapper`

Yarn 4+ wrapper around `yarn npm audit`, compatible with improved-yarn-audit config (`.iyarc`) and the `--groups` flag.

- From repo root: `yarn install`
- Build: `yarn nx build yarn-audit-wrapper`
- Prod only: `yarn-audit-wrapper --groups=prod`
- Prod + dev + peer: `yarn-audit-wrapper --groups=prod,dev,peer`
- Help: `yarn-audit-wrapper --help`
- Flags:
  - `--severity=`
  - `--exclude=` (repeatable: `--exclude id1 --exclude id2`)
  - `--groups=`
- Exit codes: `0` no relevant findings, `1` relevant advisories found, `2` error or Yarn <4
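
A CI gate built on the exit codes listed above, as an added example that is not part of the package or its README; the function names `classify_audit_exit` and `audit_gate` are hypothetical. It treats any status other than 0 or 1 as a failed audit, so a crash or a missing binary cannot pass as a clean result.

```sh
#!/bin/sh
# Added example (not from the package): CI gate around yarn-audit-wrapper.
# Exit-code meanings are taken from the list above:
#   0 = no relevant findings, 1 = relevant advisories found, 2 = error or Yarn <4.

# classify_audit_exit CODE -> prints pass | findings | error
# Anything other than 0 or 1 (2, 127 "command not found", signal exits, ...)
# is classified as an error so a broken audit never looks like a clean one.
classify_audit_exit() {
  case "$1" in
    0) echo pass ;;
    1) echo findings ;;
    *) echo error ;;
  esac
}

# audit_gate CMD [ARGS...] -> runs the audit command, returns 0 only when clean.
# The command is passed in as arguments so the gate can be exercised with a stub.
audit_gate() {
  _audit_rc=0
  "$@" || _audit_rc=$?   # capture the status without tripping `set -e`
  case "$(classify_audit_exit "$_audit_rc")" in
    pass)
      echo "audit: no relevant findings" ;;
    findings)
      echo "audit: relevant advisories found (exit 1)" >&2
      return 1 ;;
    error)
      echo "audit: did not complete (exit $_audit_rc); failing the build" >&2
      return 2 ;;
  esac
}

# Typical CI call, using the documented production-only invocation:
#   audit_gate yarn-audit-wrapper --groups=prod
```
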

.iyarc format

Free-form text with `#`/`//` comments. Put each advisory ID on its own line:

```
ignored advisories
GHSA-1234-abcd-efgh
glob (deprecation)
```

```ts
import { runYarnAudit, filterAdvisories, loadConfig } from '@og_soft/yarn-audit-wrapper';

// Load the configuration for the current working directory
const config = await loadConfig(process.cwd());
// Audit the prod and dev dependency groups
const { advisories } = await runYarnAudit('prod,dev');
// Apply the severity threshold and the exclude list
const relevant = filterAdvisories(advisories, {
  severityThreshold: config.severity ?? 'low',
  excludeIds: new Set(config.exclude),
});
console.log(relevant);
```