{"id":18651187,"url":"https://github.com/sargunv/yarn-plugin-npm-audit-fix","last_synced_at":"2026-04-28T17:35:15.267Z","repository":{"id":146354330,"uuid":"598990184","full_name":"sargunv/yarn-plugin-npm-audit-fix","owner":"sargunv","description":"Yarn plugin to fix npm audit issues.","archived":false,"fork":false,"pushed_at":"2023-02-11T19:47:06.000Z","size":1336,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"yarn-v3","last_synced_at":"2025-05-17T21:38:06.726Z","etag":null,"topics":["plugin","yarn","yarn-berry","yarn-plugin"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sargunv.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-08T08:13:10.000Z","updated_at":"2024-02-21T17:45:22.000Z","dependencies_parsed_at":"2023-07-05T00:19:10.884Z","dependency_job_id":null,"html_url":"https://github.com/sargunv/yarn-plugin-npm-audit-fix","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sargunv/yarn-plugin-npm-audit-fix","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sargunv%2Fyarn-plugin-npm-audit-fix","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sargunv%2Fyarn-plugin-npm-audit-fix/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sargunv%2Fyarn-plugin-npm-audit-fix/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sargunv%2Fyarn-plugin-npm-audit-fix/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sargunv","download_url":"https://codeload.github.com/sargunv/yarn-plugin-npm-audit-fix/tar.gz/refs/heads/yarn-v3","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sargunv%2Fyarn-plugin-npm-audit-fix/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32392300,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-28T14:34:11.604Z","status":"ssl_error","status_checked_at":"2026-04-28T14:32:37.009Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["plugin","yarn","yarn-berry","yarn-plugin"],"created_at":"2024-11-07T06:48:49.138Z","updated_at":"2026-04-28T17:35:15.251Z","avatar_url":"https://github.com/sargunv.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# `yarn npm audit fix`\n\nYarn plugin to fix npm audit issues.\n\nCurrently, the plugin searches for all descriptors in your dependency tree\nmatching the module name and vulnerable versions of an audit advisory, and\nchecks if new versions are available from the registry that will both satisfy\nthe patched version range from the advisory AND the descriptor's requested\nversion range. If so, it'll update the resolution to the new version.\n\nI plan to add some additional strategies in the future:\n\n- Walk up the tree from vulnerable packages to see if upgrading a parent package\n  will resolve the advisory\n- If updating a package that's a direct dependency via a project manifest,\n  update the manifest to declare the new version\n- Add a `--force` flag that will apply semver-compatible resolutions even if\n  they're not in the descriptor's requested range\n\n## Installation\n\nFor Yarn v3:\n\n```sh\nyarn plugin import 'https://raw.githubusercontent.com/sargunv/yarn-plugin-npm-audit-fix/yarn-v3/bundles/%40yarnpkg/plugin-npm-audit-fix.js'\n```\n\n## Usage\n\nTo attempt to fix all advisories:\n\n```sh\nyarn npm audit fix --all --recursive --mode=update-lockfile\n```\n\nThe command takes all the same flags as\n[yarn npm audit](https://yarnpkg.com/cli/npm/audit), and also `--mode` from\n[yarn install](https://yarnpkg.com/cli/install).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsargunv%2Fyarn-plugin-npm-audit-fix","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsargunv%2Fyarn-plugin-npm-audit-fix","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsargunv%2Fyarn-plugin-npm-audit-fix/lists"}