Skip to content

v1.22.0 - Dev dependency labelling and private registry detection for all parsers

Latest
Latest

Choose a tag to compare

View all tags
@sonukapoor sonukapoor released this 11 Jun 20:51
v1.22.0
This tag was signed with the committer’s verified signature.
sonukapoor Sonu Kapoor
GPG key ID: 3306B2C5600CA6DB
Verified
Learn about vigilant mode.
64a85e1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Added

  • Dev dependency labelling: terminal output and HTML report now show direct · dev / transitive · dev for findings from devDependencies; Yarn Classic and Berry parsers updated to detect dev status
  • yarn-within-range and dev-only-finding example fixtures for regression testing

Fixed

  • Private registry detection (⚠ Unverifiable (private source)) now works for pnpm (legacy and v9), Yarn Classic, and Bun lockfiles — previously only npm was supported

Validation

  • npm test
  • npm run build
Assets 3
Loading