
Edvins Antonovs

How to yarn audit fix

You may have previously used commands like npm audit or yarn audit to perform a vulnerability audit against the installed packages. If any vulnerable dependencies are found, you can use the built-in npm audit fix command to update them: it automatically installs any compatible updates to vulnerable dependencies. Surprisingly, yarn has no equivalent command that fixes vulnerabilities the way npm does, but there are several workarounds you can use.


Use yarn-audit-fix package

The most straightforward option is to use the yarn-audit-fix package.

  1. Installation

    yarn add yarn-audit-fix -D

Alternatively, you can use npx.

    npx yarn-audit-fix

  2. Usage

    yarn-audit-fix

Use npm audit fix as a temporary option

This is my preferred approach to fix vulnerable dependencies.

  1. Generate the package-lock.json file without installing node modules

    npm install --package-lock-only

  2. Fix the packages and update the package-lock.json file

    npm audit fix

  3. Remove the yarn.lock file and import the package-lock.json file into yarn.lock

    rm yarn.lock
    yarn import

  4. Remove the package-lock.json file

    rm package-lock.json
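The four steps above, wrapped in a small POSIX shell script as an added example (not code from the original post): it refuses to start unless only yarn.lock is present, keeps a backup of yarn.lock, and restores it if any step fails midway. It assumes yarn classic (v1), which is the version that provides yarn import; the function names and the yarn.lock.bak file name are this example's own choices.

```shell
#!/usr/bin/env sh
# Added example: guarded wrapper around the npm-audit-fix workaround for yarn v1.
set -eu

# lockfile_state: report which lockfiles exist in a directory so the workaround
# can refuse to start from an unexpected state. Prints yarn, npm, both or none.
lockfile_state() {
  dir="${1:-.}"
  if [ -f "$dir/yarn.lock" ] && [ -f "$dir/package-lock.json" ]; then echo both
  elif [ -f "$dir/yarn.lock" ]; then echo yarn
  elif [ -f "$dir/package-lock.json" ]; then echo npm
  else echo none; fi
}

# yarn_audit_fix_via_npm: run the four steps from the post in a project directory,
# putting the original yarn.lock back if anything fails before yarn import is done.
yarn_audit_fix_via_npm() {
  dir="${1:-.}"
  state="$(lockfile_state "$dir")"
  [ "$state" = "yarn" ] || {
    echo "expected only yarn.lock in $dir (found: $state)" >&2
    return 1
  }
  cp "$dir/yarn.lock" "$dir/yarn.lock.bak"
  # on any failure below (set -e), restore the backup and drop npm's lockfile
  trap 'mv "$dir/yarn.lock.bak" "$dir/yarn.lock"; rm -f "$dir/package-lock.json"' EXIT
  ( cd "$dir" \
    && npm install --package-lock-only \
    && npm audit fix \
    && rm yarn.lock \
    && yarn import \
    && rm package-lock.json )
  trap - EXIT
  rm "$dir/yarn.lock.bak"
  # show what the import actually changed so it can be reviewed before committing
  git -C "$dir" diff --stat -- yarn.lock 2>/dev/null || true
}

# Usage: sh yarn-audit-fix.sh run [project-dir]
case "${1:-}" in
  run) yarn_audit_fix_via_npm "${2:-.}" ;;
esac
```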


© 2021 by Edvins Antonovs. All rights reserved.