You might previously have used commands like npm audit or yarn audit to run a vulnerability audit against the installed packages. If any vulnerable dependencies are found, npm lets you update them with the built-in npm audit fix command, which automatically installs any compatible updates to the vulnerable dependencies. Surprisingly, there is no yarn equivalent that fixes them the way npm does, but there are several workarounds you can use.
The most straightforward option is to install the yarn-audit-fix package as a dev dependency:

    yarn add yarn-audit-fix -D
Alternatively, you can use
This is my preferred approach to fixing vulnerable dependencies.
Generate a package-lock.json file without installing node modules:

    npm install --package-lock-only

Let npm apply the compatible updates to the lock file:

    npm audit fix

Remove the yarn.lock file and import the package-lock.json (yarn import builds a new yarn.lock from it):

    rm yarn.lock
    yarn import
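When neither workaround fits (for example, the yarn.lock must stay under manual control), the audit output itself tells you what to bump. The following is an added example of mine, not code from the post: it parses yarn v1's newline-delimited `yarn audit --json` output into a per-module fix list, using the advisory's patched_versions range and flagging modules reached only through dev paths. The package names, advisory ids and JSON records are constructed.

```python
import json

# Constructed sample of `yarn audit --json` (yarn v1): one newline-delimited
# "auditAdvisory" record per vulnerable dependency path, then an "auditSummary".
# Field names follow the npm advisory schema; package names and ids are made up.
SAMPLE_AUDIT = """\
{"type":"auditAdvisory","data":{"resolution":{"id":1001,"path":"app-dep>lodash-like","dev":false},"advisory":{"id":1001,"module_name":"lodash-like","severity":"high","vulnerable_versions":"<4.17.19","patched_versions":">=4.17.19","findings":[{"version":"4.17.15","paths":["app-dep>lodash-like"]}],"title":"Prototype Pollution"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1001,"path":"other-dep>lodash-like","dev":true},"advisory":{"id":1001,"module_name":"lodash-like","severity":"high","vulnerable_versions":"<4.17.19","patched_versions":">=4.17.19","findings":[{"version":"4.17.15","paths":["other-dep>lodash-like"]}],"title":"Prototype Pollution"}}}
{"type":"auditAdvisory","data":{"resolution":{"id":1002,"path":"minimist-like","dev":true},"advisory":{"id":1002,"module_name":"minimist-like","severity":"low","vulnerable_versions":"<1.2.3","patched_versions":">=1.2.3","findings":[{"version":"1.2.0","paths":["minimist-like"]}],"title":"Prototype Pollution"}}}
{"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":1,"moderate":0,"high":2,"critical":0},"totalDependencies":3}}
"""

SEVERITY_RANK = {"info": 0, "low": 1, "moderate": 2, "high": 3, "critical": 4}


def parse_yarn_audit(text):
    """Merge advisory records per module: worst severity, all paths, dev-only flag."""
    modules = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        if record.get("type") != "auditAdvisory":
            continue  # auditSummary (and anything else) carries no per-module data
        adv, res = record["data"]["advisory"], record["data"]["resolution"]
        entry = modules.setdefault(adv["module_name"], {
            "severity": adv["severity"], "patched_versions": adv["patched_versions"],
            "installed": set(), "paths": set(), "dev_only": True})
        entry["installed"].update(f["version"] for f in adv["findings"])
        entry["paths"].add(res["path"])
        # Dev-only holds only while every path that reaches the module is a dev path.
        entry["dev_only"] = entry["dev_only"] and bool(res.get("dev"))
        if SEVERITY_RANK[adv["severity"]] > SEVERITY_RANK[entry["severity"]]:
            entry["severity"] = adv["severity"]
    return modules


def fix_plan(text, min_severity="moderate"):
    """(module, severity, patched range, dev_only) at/above min_severity, worst first."""
    plan = [(name, e["severity"], e["patched_versions"], e["dev_only"])
            for name, e in parse_yarn_audit(text).items()
            if SEVERITY_RANK[e["severity"]] >= SEVERITY_RANK[min_severity]]
    return sorted(plan, key=lambda p: -SEVERITY_RANK[p[1]])


if __name__ == "__main__":
    for name, sev, patched, dev in fix_plan(SAMPLE_AUDIT, "low"):
        print(f"{sev:8} {name:14} upgrade to {patched}" + (" (dev only)" if dev else ""))
```

Pipe real output in with `yarn audit --json | python3 this_script.py` after swapping SAMPLE_AUDIT for sys.stdin.read(); the patched range is what you pin with yarn upgrade or a resolutions entry.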