Edvins Antonovs

How to yarn audit fix

You may already use commands like npm audit or yarn audit to check your installed packages for known vulnerabilities. When vulnerable dependencies are found, npm offers the built-in npm audit fix command, which automatically installs any compatible updates to them. Surprisingly, Yarn has no equivalent that fixes them the way npm does, but there are several workarounds.

Use the yarn-audit-fix package

The most straightforward option is to use the yarn-audit-fix package.

  1. Installation

     yarn add yarn-audit-fix -D

Alternatively, you can use npx.

     npx yarn-audit-fix

  2. Usage

Use npm audit fix as a temporary option

This is my preferred approach to fixing vulnerable dependencies.

  1. Generate the package-lock.json file without installing node modules
     npm install --package-lock-only
  2. Fix the packages and update the package-lock.json file
     npm audit fix
  3. Remove the yarn.lock file and import the package-lock.json file into yarn.lock
     rm yarn.lock
     yarn import
  4. Remove the package-lock.json file
     rm package-lock.json
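
The four steps above as one shell function that backs up yarn.lock first and restores it if any step fails. This is an added example, not code from the original post; it assumes Yarn 1 (classic), where yarn import is available, and the function name yarn_audit_fix_via_npm is made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumes npm and Yarn 1 (classic) are on PATH.
# Usage (after sourcing this file): yarn_audit_fix_via_npm /path/to/project

yarn_audit_fix_via_npm() {   # hypothetical name
    dir=${1:-.}
    (   # subshell: cd and exit stay local to this function
        cd "$dir" || exit 1
        [ -f package.json ] || { echo "no package.json in $dir" >&2; exit 1; }
        [ -f yarn.lock ] || { echo "no yarn.lock in $dir" >&2; exit 1; }
        # Refuse to touch a package-lock.json that is already part of the
        # project: step 4 would delete it.
        [ ! -e package-lock.json ] || {
            echo "package-lock.json already exists, aborting" >&2; exit 1; }

        # Keep the known-good lockfile until the new one has been written.
        cp yarn.lock yarn.lock.bak || exit 1

        restore() {
            echo "step failed, restoring original yarn.lock" >&2
            mv -f yarn.lock.bak yarn.lock
            rm -f package-lock.json
            exit 1
        }

        # Step 1: lockfile only, no node_modules.
        npm install --package-lock-only || restore
        # Step 2: any non-zero status is treated as a failure (fail closed).
        npm audit fix || restore
        # Step 3: replace yarn.lock with one generated from package-lock.json.
        rm yarn.lock || restore
        yarn import || restore
        # Step 4: drop the temporary npm lockfile and the backup.
        rm -f package-lock.json yarn.lock.bak
    )
}
```

Because npm resolves the dependency tree from package.json rather than from the old yarn.lock, the regenerated yarn.lock can change versions of packages that were not flagged, so review the lockfile diff before committing it.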
© 2023 by Edvins Antonovs. All rights reserved.