checklist.day

yarn-osv-audit

JSON →
library 0.1.8 ·javascript
verified Apr 27, 2026
devopsauth-security

A lightweight, zero-dependency CLI tool (v0.1.8, active development) that audits Yarn Classic (v1) lockfiles against the OSV.dev vulnerability database. It supports four output formats (compact, table, json, summary), config files, severity filtering, and allowlisting. Unlike npm audit or yarn audit, it uses the open-source OSV database and works with Yarn v1 lockfiles. Requires Node >=18. Released via GitHub Actions with npm provenance.

Traffic · last 30 days ↓83% vs prev 7d · indexed Mon Apr 27 · updated Thu Jun 11

total hits 15
actors 6 distinct systems
last hit 7d ago human
GPTBot
5
MetaBot
3
Script
1
Search engines
1
Humans
1

top countries 🇺🇸 United States · 🇨🇦 Canada · 🇮🇳 India · TH · 🇫🇷 France

Resources

githubgithub.com/duncanhoggan/yarn-osv-audit ↗
packagewww.npmjs.com/package/yarn-osv-audit ↗

API endpoints

full doc /v1/registry/yarn-osv-audit
install /v1/registry/yarn-osv-audit/install