Skip to content

Please remove .yarn/cache from repo (add to .gitignore), it has vulnerable packages causing failing security scans #300

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jeffbski-rga opened this issue Nov 5, 2024 · 2 comments
Open

Please remove .yarn/cache from repo (add to .gitignore), it has vulnerable packages causing failing security scans #300

jeffbski-rga opened this issue Nov 5, 2024 · 2 comments

Comments

@jeffbski-rga
Copy link

The .yarn/cache folder in this repo contains many vulnerable vulnerable packages causing failing security scans.

I doubt that the .yarn folder should be checked in at all either, but at least remove .yarn/cache.

You could remove it and add it to .gitignore.
@jeffbski-sketch
Copy link

#301 fixes this issue

@crzepa
Copy link

crzepa commented Mar 19, 2025

This is actually how Yarn Zero-Installs works;
https://yarnpkg.com/features/caching#zero-installs

What needs to be done to fix this is to whitelist what files should be added to the published bundle, so that the .yarn folder is not included.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@crzepa @jeffbski-rga @jeffbski-sketch