New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Yarn audit does not work with an external repository #7012

adamscybot opened this Issue Feb 7, 2019 · 1 comment


None yet
3 participants
Copy link

adamscybot commented Feb 7, 2019

Do you want to request a feature or report a bug?

What is the current behavior?

When running yarn audit with the --registry flag, it uses the main yarn repo anyway.

If the current behavior is a bug, please provide the steps to reproduce.

Execute yarn audit --registry

What is the expected behavior?

Audit calls are made to the defined registry. This is especially important for everyone with third party repo's where the outside world it blocked on CI agents. Or if you're using some kind of proxy.

Please mention your node.js, yarn and operating system version.

Mac Os Mojave
Yarn 1.13.0
Node 10.15.1


This comment has been minimized.

Copy link

abhisheksoni27 commented Feb 17, 2019

What exactly is happening on LINE 217 ?

async _fetchAudit(auditTree: AuditTree): Object {
let responseJson;
const registry = YARN_REGISTRY;
this.reporter.verbose(`Audit Request: ${JSON.stringify(auditTree, null, 2)}`);
const requestBody = await gzip(JSON.stringify(auditTree));
const response = await this.config.requestManager.request({
url: `${registry}/-/npm/v1/security/audits`,
method: 'POST',
body: requestBody,
headers: {
'Content-Encoding': 'gzip',
'Content-Type': 'application/json',
Accept: 'application/json',

Do you have an endpoint configured that automatically calls npm's audit registry ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment