From f9da643511aaec345f7219651615324b6e6c3d55 Mon Sep 17 00:00:00 2001
From: TaylorHo <taylor@hotay.dev>
Date: Wed, 7 May 2025 11:00:18 -0300
Subject: [PATCH 1/4] feat!: support pnpm audit + removing duplicated tests +
 updated docs

---
 .github/CONTRIBUTING.md                       |  19 +-
 .github/workflows/playwright.yml              |   7 +-
 ...audit-v10.json => npm-audit-node-v10.json} |   0
 ...audit-v16.json => npm-audit-node-v16.json} |   0
 .playwright/fixtures/pnpm-audit-v10.json      | 174 ++++++++++++++++++
 README.md                                     |  25 ++-
 package-lock.json                             |  44 ++---
 package.json                                  |  13 +-
 src/index.js                                  |  38 ++--
 tests/data-table-v10.spec.js                  |  31 ----
 tests/data-table-v16.spec.js                  |  31 ----
 tests/summary-pnpm.spec.js                    |  42 +++++
 tests/summary-v10.spec.js                     |   2 +-
 tests/summary-v16.spec.js                     |   2 +-
 14 files changed, 309 insertions(+), 119 deletions(-)
 rename .playwright/fixtures/{npm-audit-v10.json => npm-audit-node-v10.json} (100%)
 rename .playwright/fixtures/{npm-audit-v16.json => npm-audit-node-v16.json} (100%)
 create mode 100644 .playwright/fixtures/pnpm-audit-v10.json
 delete mode 100644 tests/data-table-v10.spec.js
 delete mode 100644 tests/data-table-v16.spec.js
 create mode 100644 tests/summary-pnpm.spec.js

diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
index 6c77762..640955a 100644
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -7,13 +7,21 @@
 To test the project locally, you use one of the test audits as input to this script, as shown below:
 
 1. To test with a NodeJS v16+ audit:
+
 ```bash
-cat .playwright/fixtures/npm-audit-v16.json | node ./src/index.js <parameters>
+cat .playwright/fixtures/npm-audit-node-v16.json | node ./src/index.js <parameters>
 ```
 
 2. To test with a NodeJS v10 to v15 audits:
+
+```bash
+cat .playwright/fixtures/npm-audit-node-v10.json | node ./src/index.js <parameters>
+```
+
+3. To test with pnpm audits:
+
 ```bash
-cat .playwright/fixtures/npm-audit-v10.json | node ./src/index.js <parameters>
+cat .playwright/fixtures/pnpm-audit-v10.json | node ./src/index.js <parameters>
 ```
 
 ## Node.js Version Compatibility
@@ -23,12 +31,13 @@ The tool is designed to work with different versions of Node.js. Specifically:
 - For Node.js v10 to v14.
 - For Node.js v16 and higher.
 
-<sub>odd versions aren't listed, but also works.</sub>
+<sub>It also works with <code>npm</code>, <code>pnpm</code> and <code>yarn</code></sub><br/>
+<sub>Odd versions aren't listed, but also works.</sub>
 
-So make sure to test the tool in both version ranges to ensure compatibility. 🔄
+So make sure to test the tool in both version ranges and tools to ensure compatibility. 🔄
 
 ## Thank You! 🙌
 
 We would like to extend our heartfelt gratitude to all contributors who have helped improve this project. Your time and effort are highly appreciated. If you encounter any issues or have suggestions, please open an issue or submit a pull request. Together, we can make audit-export even more awesome! 💪
 
-Happy coding! 🚀
\ No newline at end of file
+Happy coding! 🚀
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index e5169e4..80aabd1 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -55,10 +55,13 @@ jobs:
         if: matrix.browser == 'webkit'
 
       - name: Generate mock audit report for Node v10 ~ v14 (default options)
-        run: cat ${{ github.workspace }}/.playwright/fixtures/npm-audit-v10.json | node ./src/index.js --path ${{ github.workspace }}/npm-audit-v10.html --title playwright-test
+        run: cat ${{ github.workspace }}/.playwright/fixtures/npm-audit-node-v10.json | node ./src/index.js --path ${{ github.workspace }}/npm-audit-node-v10.html --title playwright-test
 
       - name: Generate mock audit report for Node v16 ~ lts (default options)
-        run: cat ${{ github.workspace }}/.playwright/fixtures/npm-audit-v16.json | node ./src/index.js --path ${{ github.workspace }}/npm-audit-v16.html --title playwright-test
+        run: cat ${{ github.workspace }}/.playwright/fixtures/npm-audit-node-v16.json | node ./src/index.js --path ${{ github.workspace }}/npm-audit-node-v16.html --title playwright-test
+
+      - name: Generate mock audit report for pnpm v10 (default options)
+        run: cat ${{ github.workspace }}/.playwright/fixtures/pnpm-audit-v10.json | node ./src/index.js --path ${{ github.workspace }}/pnpm-audit-v10.html --title playwright-test
 
       - name: Run Playwright tests for ${{ matrix.browser }}
         env:
diff --git a/.playwright/fixtures/npm-audit-v10.json b/.playwright/fixtures/npm-audit-node-v10.json
similarity index 100%
rename from .playwright/fixtures/npm-audit-v10.json
rename to .playwright/fixtures/npm-audit-node-v10.json
diff --git a/.playwright/fixtures/npm-audit-v16.json b/.playwright/fixtures/npm-audit-node-v16.json
similarity index 100%
rename from .playwright/fixtures/npm-audit-v16.json
rename to .playwright/fixtures/npm-audit-node-v16.json
diff --git a/.playwright/fixtures/pnpm-audit-v10.json b/.playwright/fixtures/pnpm-audit-v10.json
new file mode 100644
index 0000000..8e44508
--- /dev/null
+++ b/.playwright/fixtures/pnpm-audit-v10.json
@@ -0,0 +1,174 @@
+{
+  "actions": [
+    {
+      "action": "review",
+      "module": "esbuild",
+      "resolves": [
+        {
+          "id": 1102341,
+          "path": ".>@sveltejs/adapter-vercel>esbuild",
+          "dev": false,
+          "optional": false,
+          "bundled": false
+        }
+      ]
+    },
+    {
+      "action": "review",
+      "module": "cookie",
+      "resolves": [
+        {
+          "id": 1103907,
+          "path": ".>@sveltejs/kit>cookie",
+          "dev": false,
+          "optional": false,
+          "bundled": false
+        }
+      ]
+    },
+    {
+      "action": "review",
+      "module": "vite",
+      "resolves": [
+        {
+          "id": 1104176,
+          "path": ".>vite",
+          "dev": false,
+          "optional": false,
+          "bundled": false
+        }
+      ]
+    }
+  ],
+  "advisories": {
+    "1102341": {
+      "findings": [
+        {
+          "version": "0.24.2",
+          "paths": [
+            ".>@sveltejs/adapter-vercel>esbuild"
+          ]
+        }
+      ],
+      "found_by": null,
+      "deleted": null,
+      "references": "- https://github.com/evanw/esbuild/security/advisories/GHSA-67mh-4wv8-2f99\n- https://github.com/evanw/esbuild/commit/de85afd65edec9ebc44a11e245fd9e9a2e99760d\n- https://github.com/advisories/GHSA-67mh-4wv8-2f99",
+      "created": "2025-02-10T17:48:07.000Z",
+      "id": 1102341,
+      "npm_advisory_id": null,
+      "overview": "### Summary\n\nesbuild allows any websites to send any request to the development server and read the response due to default CORS settings.\n\n### Details\n\nesbuild sets `Access-Control-Allow-Origin: *` header to all requests, including the SSE connection, which allows any websites to send any request to the development server and read the response.\n\nhttps://github.com/evanw/esbuild/blob/df815ac27b84f8b34374c9182a93c94718f8a630/pkg/api/serve_other.go#L121\nhttps://github.com/evanw/esbuild/blob/df815ac27b84f8b34374c9182a93c94718f8a630/pkg/api/serve_other.go#L363\n\n**Attack scenario**:\n\n1. The attacker serves a malicious web page (`http://malicious.example.com`).\n1. The user accesses the malicious web page.\n1. The attacker sends a `fetch('http://127.0.0.1:8000/main.js')` request by JS in that malicious web page. This request is normally blocked by same-origin policy, but that's not the case for the reasons above.\n1. The attacker gets the content of `http://127.0.0.1:8000/main.js`.\n\nIn this scenario, I assumed that the attacker knows the URL of the bundle output file name. But the attacker can also get that information by\n\n- Fetching `/index.html`: normally you have a script tag here\n- Fetching `/assets`: it's common to have a `assets` directory when you have JS files and CSS files in a different directory and the directory listing feature tells the attacker the list of files\n- Connecting `/esbuild` SSE endpoint: the SSE endpoint sends the URL path of the changed files when the file is changed (`new EventSource('/esbuild').addEventListener('change', e => console.log(e.type, e.data))`)\n- Fetching URLs in the known file: once the attacker knows one file, the attacker can know the URLs imported from that file\n\nThe scenario above fetches the compiled content, but if the victim has the source map option enabled, the attacker can also get the non-compiled content by fetching the source map file.\n\n### PoC\n\n1. Download [reproduction.zip](https://github.com/user-attachments/files/18561484/reproduction.zip)\n2. Extract it and move to that directory\n1. Run `npm i`\n1. Run `npm run watch`\n1. Run `fetch('http://127.0.0.1:8000/app.js').then(r => r.text()).then(content => console.log(content))` in a different website's dev tools.\n\n![image](https://github.com/user-attachments/assets/08fc2e4d-e1ec-44ca-b0ea-78a73c3c40e9)\n\n### Impact\n\nUsers using the serve feature may get the source code stolen by malicious websites.",
+      "reported_by": null,
+      "title": "esbuild enables any website to send any requests to the development server and read the response",
+      "metadata": null,
+      "cves": [],
+      "access": "public",
+      "severity": "moderate",
+      "module_name": "esbuild",
+      "vulnerable_versions": "<=0.24.2",
+      "github_advisory_id": "GHSA-67mh-4wv8-2f99",
+      "recommendation": "Upgrade to version 0.25.0 or later",
+      "patched_versions": ">=0.25.0",
+      "updated": "2025-02-10T17:48:08.000Z",
+      "cvss": {
+        "score": 5.3,
+        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
+      },
+      "cwe": [
+        "CWE-346"
+      ],
+      "url": "https://github.com/advisories/GHSA-67mh-4wv8-2f99"
+    },
+    "1103907": {
+      "findings": [
+        {
+          "version": "0.6.0",
+          "paths": [
+            ".>@sveltejs/kit>cookie"
+          ]
+        }
+      ],
+      "found_by": null,
+      "deleted": null,
+      "references": "- https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x\n- https://github.com/jshttp/cookie/pull/167\n- https://github.com/jshttp/cookie/commit/e10042845354fea83bd8f34af72475eed1dadf5c\n- https://github.com/advisories/GHSA-pxg6-pf52-xh8x",
+      "created": "2024-10-04T20:31:00.000Z",
+      "id": 1103907,
+      "npm_advisory_id": null,
+      "overview": "### Impact\n\nThe cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, `serialize(\"userName=<script>alert('XSS3')</script>; Max-Age=2592000; a\", value)` would result in `\"userName=<script>alert('XSS3')</script>; Max-Age=2592000; a=test\"`, setting `userName` cookie to `<script>` and ignoring `value`.\n\nA similar escape can be used for `path` and `domain`, which could be abused to alter other fields of the cookie.\n\n### Patches\n\nUpgrade to 0.7.0, which updates the validation for `name`, `path`, and `domain`.\n\n### Workarounds\n\nAvoid passing untrusted or arbitrary values for these fields, ensure they are set by the application instead of user input.\n\n### References\n\n* https://github.com/jshttp/cookie/pull/167",
+      "reported_by": null,
+      "title": "cookie accepts cookie name, path, and domain with out of bounds characters",
+      "metadata": null,
+      "cves": [
+        "CVE-2024-47764"
+      ],
+      "access": "public",
+      "severity": "low",
+      "module_name": "cookie",
+      "vulnerable_versions": "<0.7.0",
+      "github_advisory_id": "GHSA-pxg6-pf52-xh8x",
+      "recommendation": "Upgrade to version 0.7.0 or later",
+      "patched_versions": ">=0.7.0",
+      "updated": "2025-04-15T13:56:44.000Z",
+      "cvss": {
+        "score": 0,
+        "vectorString": null
+      },
+      "cwe": [
+        "CWE-74"
+      ],
+      "url": "https://github.com/advisories/GHSA-pxg6-pf52-xh8x"
+    },
+    "1104176": {
+      "findings": [
+        {
+          "version": "6.3.2",
+          "paths": [
+            ".>vite"
+          ]
+        }
+      ],
+      "found_by": null,
+      "deleted": null,
+      "references": "- https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3\n- https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb\n- https://nvd.nist.gov/vuln/detail/CVE-2025-46565\n- https://github.com/advisories/GHSA-859w-5945-r5v3",
+      "created": "2025-04-30T17:40:27.000Z",
+      "id": 1104176,
+      "npm_advisory_id": null,
+      "overview": "### Summary\nThe contents of files in [the project `root`](https://vite.dev/config/shared-options.html#root) that are denied by a file matching pattern can be returned to the browser.\n\n### Impact\n\nOnly apps explicitly exposing the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host)) are affected.\nOnly files that are under [project `root`](https://vite.dev/config/shared-options.html#root) and are denied by a file matching pattern can be bypassed.\n\n- Examples of file matching patterns: `.env`, `.env.*`, `*.{crt,pem}`, `**/.env`\n- Examples of other patterns: `**/.git/**`, `.git/**`, `.git/**/*`\n\n### Details\n[`server.fs.deny`](https://vite.dev/config/server-options.html#server-fs-deny) can contain patterns matching against files (by default it includes `.env`, `.env.*`, `*.{crt,pem}` as such patterns).\nThese patterns were able to bypass for files under `root` by using a combination of slash and dot (`/.`).\n\n### PoC\n```\nnpm create vite@latest\ncd vite-project/\ncat \"secret\" > .env\nnpm install\nnpm run dev\ncurl --request-target /.env/. http://localhost:5173\n```\n\n![image](https://github.com/user-attachments/assets/822f4416-aa42-461f-8c95-a88d155e674b)\n![image](https://github.com/user-attachments/assets/42902144-863a-4afb-ac5b-fc16effa37cc)",
+      "reported_by": null,
+      "title": "Vite's server.fs.deny bypassed with /. for files under project root",
+      "metadata": null,
+      "cves": [
+        "CVE-2025-46565"
+      ],
+      "access": "public",
+      "severity": "moderate",
+      "module_name": "vite",
+      "vulnerable_versions": ">=6.3.0 <=6.3.3",
+      "github_advisory_id": "GHSA-859w-5945-r5v3",
+      "recommendation": "Upgrade to version 6.3.4 or later",
+      "patched_versions": ">=6.3.4",
+      "updated": "2025-05-02T15:33:48.000Z",
+      "cvss": {
+        "score": 0,
+        "vectorString": null
+      },
+      "cwe": [
+        "CWE-22"
+      ],
+      "url": "https://github.com/advisories/GHSA-859w-5945-r5v3"
+    }
+  },
+  "muted": [],
+  "metadata": {
+    "vulnerabilities": {
+      "info": 0,
+      "low": 1,
+      "moderate": 2,
+      "high": 0,
+      "critical": 0
+    },
+    "dependencies": 314,
+    "devDependencies": 0,
+    "optionalDependencies": 0,
+    "totalDependencies": 314
+  }
+}
diff --git a/README.md b/README.md
index e369802..5124ab3 100644
--- a/README.md
+++ b/README.md
@@ -13,12 +13,13 @@ A convenient tool to **export npm audit results** to a comprehensive **offline H
 > Inspired by [npm-audit-html](https://www.npmjs.com/package/npm-audit-html), but with more Node.js versions supported, offline support and lightweight ⚡
 
 ## Main Features
-* Lightweight & Efficient
-* Fully Offline Functionality
-* Advanced Filters, Search, and Ordering
-* Tags Filtering Supported
-* Supports projects since Node v10
-* Download results as CSV or JSON
+
+- Lightweight & Efficient
+- Fully Offline Functionality
+- Advanced Filters, Search, and Ordering
+- Tags Filtering Supported
+- Supports projects since Node v10
+- Download results as CSV or JSON
 
 ## Compatibility
 
@@ -28,12 +29,20 @@ The syntax remains consistent with the earlier version 1.0.0; however, it's advi
 
 ## Installation
 
-Install globally using npm:
+Install globally using npm, pnpm or yarn:
 
 ```bash
 npm install -g audit-export
 ```
 
+```bash
+pnpm install -g audit-export
+```
+
+```bash
+yarn global add audit-export
+```
+
 ## Usage
 
 The tool is packed with a help function to see the usage ways. To see it, just pass the `--help` option.
@@ -42,6 +51,8 @@ There are some breaking changes in the usage syntax between versions <=3 and >=4
 
 The simplest usage is as the following:
 
+Note: All examples can change `npm audit --json` by the alternative tools `pnpm audit --json` or `yarn audit --json`.
+
 ```
 npm audit --json | audit-export
 ```
diff --git a/package-lock.json b/package-lock.json
index 6d2741c..0a57063 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -17,9 +17,9 @@
       },
       "devDependencies": {
         "@biomejs/biome": "^1.9.4",
-        "@playwright/test": "^1.51.1",
-        "commit-and-tag-version": "^12.5.0",
-        "playwright": "^1.51.1"
+        "@playwright/test": "^1.52.0",
+        "commit-and-tag-version": "^12.5.1",
+        "playwright": "^1.52.0"
       },
       "engines": {
         "node": ">=10"
@@ -364,13 +364,13 @@
       }
     },
     "node_modules/@playwright/test": {
-      "version": "1.51.1",
-      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.51.1.tgz",
-      "integrity": "sha512-nM+kEaTSAoVlXmMPH10017vn3FSiFqr/bh4fKg9vmAdMfd9SDqRZNvPSiAHADc/itWak+qPvMPZQOPwCBW7k7Q==",
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.52.0.tgz",
+      "integrity": "sha512-uh6W7sb55hl7D6vsAeA+V2p5JnlAqzhqFyF0VcJkKZXkgnFcVG9PziERRHQfPLfNGx1C292a4JqbWzhR8L4R1g==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright": "1.51.1"
+        "playwright": "1.52.0"
       },
       "bin": {
         "playwright": "cli.js"
@@ -575,9 +575,9 @@
       }
     },
     "node_modules/commit-and-tag-version": {
-      "version": "12.5.0",
-      "resolved": "https://registry.npmjs.org/commit-and-tag-version/-/commit-and-tag-version-12.5.0.tgz",
-      "integrity": "sha512-Ll7rkKntH20iEFOPUT4e503Jf3J0J8jSN+aSeHuvNdtv4xmv9kSLSBg2CWsMVihwF3J2WvMHBEUSCKuDNesiTA==",
+      "version": "12.5.1",
+      "resolved": "https://registry.npmjs.org/commit-and-tag-version/-/commit-and-tag-version-12.5.1.tgz",
+      "integrity": "sha512-EA+0zGai6pPfpD1/hwuRDGMLZe00V4b1PtIFtZw5ra/PCan3kxOMVTnj/VuMTNgmH6lwbptObxVDYYzWXzndsg==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -586,16 +586,16 @@
         "conventional-changelog-config-spec": "2.1.0",
         "conventional-changelog-conventionalcommits": "6.1.0",
         "conventional-recommended-bump": "7.0.1",
-        "detect-indent": "^6.0.0",
+        "detect-indent": "^6.1.0",
         "detect-newline": "^3.1.0",
         "dotgitignore": "^2.1.0",
-        "figures": "^3.1.0",
+        "figures": "^3.2.0",
         "find-up": "^5.0.0",
-        "git-semver-tags": "^5.0.0",
-        "jsdom": "^25.0.0",
+        "git-semver-tags": "^5.0.1",
+        "jsdom": "^25.0.1",
         "semver": "^7.6.3",
         "w3c-xmlserializer": "^5.0.0",
-        "yaml": "^2.4.1",
+        "yaml": "^2.6.0",
         "yargs": "^17.7.2"
       },
       "bin": {
@@ -2374,13 +2374,13 @@
       }
     },
     "node_modules/playwright": {
-      "version": "1.51.1",
-      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.51.1.tgz",
-      "integrity": "sha512-kkx+MB2KQRkyxjYPc3a0wLZZoDczmppyGJIvQ43l+aZihkaVvmu/21kiyaHeHjiFxjxNNFnUncKmcGIyOojsaw==",
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.52.0.tgz",
+      "integrity": "sha512-JAwMNMBlxJ2oD1kce4KPtMkDeKGHQstdpFPcPH3maElAXon/QZeTvtsfXmTMRyO9TslfoYOXkSsvao2nE1ilTw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright-core": "1.51.1"
+        "playwright-core": "1.52.0"
       },
       "bin": {
         "playwright": "cli.js"
@@ -2393,9 +2393,9 @@
       }
     },
     "node_modules/playwright-core": {
-      "version": "1.51.1",
-      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.51.1.tgz",
-      "integrity": "sha512-/crRMj8+j/Nq5s8QcvegseuyeZPxpQCZb6HNk3Sos3BlZyAknRjoyJPFWkpNn8v0+P3WiwqFF8P+zQo4eqiNuw==",
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.52.0.tgz",
+      "integrity": "sha512-l2osTgLXSMeuLZOML9qYODUQoPPnUsKsb5/P6LJ2e6uPKXUdPK5WYhN4z03G+YNbWmGDY4YENauNu4ZKczreHg==",
       "dev": true,
       "license": "Apache-2.0",
       "bin": {
diff --git a/package.json b/package.json
index a4fa7b2..dc1a809 100644
--- a/package.json
+++ b/package.json
@@ -10,9 +10,10 @@
     "format": "npx @biomejs/biome check --write ./src/",
     "prepare": "git init && git config --local core.hooksPath .hooks/",
     "playwright:install": "npx playwright install",
-    "test:prepare:nodev10": "cat .playwright/fixtures/npm-audit-v10.json | node ./src/index.js --path ./npm-audit-v10.html --title playwright-test",
-    "test:prepare:nodev16": "cat .playwright/fixtures/npm-audit-v16.json | node ./src/index.js --path ./npm-audit-v16.html --title playwright-test",
-    "pretest": "npm run playwright:install && npm run test:prepare:nodev10 && npm run test:prepare:nodev16",
+    "test:prepare:nodev10": "cat .playwright/fixtures/npm-audit-node-v10.json | node ./src/index.js --path ./npm-audit-node-v10.html --title playwright-test",
+    "test:prepare:nodev16": "cat .playwright/fixtures/npm-audit-node-v16.json | node ./src/index.js --path ./npm-audit-node-v16.html --title playwright-test",
+    "test:prepare:pnpmv10": "cat .playwright/fixtures/pnpm-audit-v10.json | node ./src/index.js --path ./pnpm-audit-v10.html --title playwright-test",
+    "pretest": "npm run playwright:install && npm run test:prepare:nodev10 && npm run test:prepare:nodev16 && npm run test:prepare:pnpmv10",
     "test": "playwright test",
     "release": "commit-and-tag-version",
     "pre-release": "commit-and-tag-version --prerelease beta"
@@ -51,9 +52,9 @@
   },
   "devDependencies": {
     "@biomejs/biome": "^1.9.4",
-    "@playwright/test": "^1.51.1",
-    "commit-and-tag-version": "^12.5.0",
-    "playwright": "^1.51.1"
+    "@playwright/test": "^1.52.0",
+    "commit-and-tag-version": "^12.5.1",
+    "playwright": "^1.52.0"
   },
   "commit-and-tag-version": {
     "types": [
diff --git a/src/index.js b/src/index.js
index fd108fe..1b0cb53 100755
--- a/src/index.js
+++ b/src/index.js
@@ -146,7 +146,15 @@ function getVulnerabilities(data) {
 		}
 	} else if (data.advisories) {
 		for (const vuln in data.advisories) {
-			allVulns.push(data.advisories[vuln]);
+			const vulnerability = data.advisories[vuln];
+			allVulns.push({
+				...vulnerability,
+				fixAvailable:
+					vulnerability.recommendation && vulnerability.patched_versions,
+				isDirect: vulnerability.findings.some((finding) =>
+					finding.paths.some((path) => (path.match(/>/g) || []).length === 1),
+				),
+			});
 		}
 	}
 
@@ -161,25 +169,29 @@ function getVulnerabilities(data) {
  * @returns {Object} - Processed vulnerability object.
  */
 function processVulnerability(vuln) {
+	const tags = [];
+	const cvesAndCwes = (vuln.cwe || [])
+		.concat(vuln.cves || [])
+		.filter((cwe) => cwe)
+		.join(", ");
+
+	if ("fixAvailable" in vuln) {
+		tags.push(vuln.fixAvailable ? "Fix Available" : "No Fix");
+	}
+
+	if ("isDirect" in vuln) {
+		tags.push(vuln.isDirect ? "Direct" : "Indirect");
+	}
+
 	if (vuln.title) {
 		return {
 			link: vuln.url,
 			name: vuln.title,
-			tags:
-				"isDirect" in vuln && "fixAvailable" in vuln
-					? [
-							// This `if` is used to avoid errors on node v10/v12, since these versions doesn't export these informations
-							vuln.isDirect ? "Direct" : "Indirect", // Direct or Indirect
-							vuln.fixAvailable === false ? "No Fix" : "Fix Available", // There's a fix available (we check if it's different than false because if there's a fix available the value will be an object, else it will be "false")
-						].filter((tag) => tag)
-					: [], // Ensure "null" items are removed
+			tags: tags,
 			package: vuln.name || vuln.module_name,
 			severity: vuln.severity,
 			severity_number: getNumberOfSeverity(vuln.severity),
-			cwes: (vuln.cwe || [])
-				.concat(vuln.cves)
-				.filter((cwe) => cwe)
-				.join(", "),
+			cwes: cvesAndCwes,
 		};
 	}
 }
diff --git a/tests/data-table-v10.spec.js b/tests/data-table-v10.spec.js
deleted file mode 100644
index 8d3c02b..0000000
--- a/tests/data-table-v10.spec.js
+++ /dev/null
@@ -1,31 +0,0 @@
-// @ts-check
-const { test, expect } = require("@playwright/test");
-
-test.beforeEach(async ({ page }) => {
-  await page.goto("npm-audit-v10.html");
-});
-
-test("displays the rows for critical vulnerabilities", async ({ page }) => {
-  const criticalRows = page.locator("tbody > tr > td > .badge.critical");
-  await expect(criticalRows).toHaveCount(0);
-});
-
-test("displays the rows for high vulnerabilities", async ({ page }) => {
-  const highRows = page.locator("tbody > tr > td > .badge.high");
-  await expect(highRows).toHaveCount(2);
-});
-
-test("displays the rows for moderate vulnerabilities", async ({ page }) => {
-  const moderateRows = page.locator("tbody > tr > td > .badge.moderate");
-  await expect(moderateRows).toHaveCount(4);
-});
-
-test("displays the rows for low vulnerabilities", async ({ page }) => {
-  const lowRows = page.locator("tbody > tr > td > .badge.low");
-  await expect(lowRows).toHaveCount(0);
-});
-
-test("displays the rows for info vulnerabilities", async ({ page }) => {
-  const lowRows = page.locator("tbody > tr > td > .badge.informative");
-  await expect(lowRows).toHaveCount(0);
-});
diff --git a/tests/data-table-v16.spec.js b/tests/data-table-v16.spec.js
deleted file mode 100644
index b5c0d26..0000000
--- a/tests/data-table-v16.spec.js
+++ /dev/null
@@ -1,31 +0,0 @@
-// @ts-check
-const { test, expect } = require("@playwright/test");
-
-test.beforeEach(async ({ page }) => {
-  await page.goto("npm-audit-v16.html");
-});
-
-test("displays the rows for critical vulnerabilities", async ({ page }) => {
-  const criticalRows = page.locator("tbody > tr > td > .badge.critical");
-  await expect(criticalRows).toHaveCount(4);
-});
-
-test("displays the rows for high vulnerabilities", async ({ page }) => {
-  const highRows = page.locator("tbody > tr > td > .badge.high");
-  await expect(highRows).toHaveCount(30);
-});
-
-test("displays the rows for moderate vulnerabilities", async ({ page }) => {
-  const moderateRows = page.locator("tbody > tr > td > .badge.moderate");
-  await expect(moderateRows).toHaveCount(17);
-});
-
-test("displays the rows for low vulnerabilities", async ({ page }) => {
-  const lowRows = page.locator("tbody > tr > td > .badge.low");
-  await expect(lowRows).toHaveCount(3);
-});
-
-test("displays the rows for info vulnerabilities", async ({ page }) => {
-  const lowRows = page.locator("tbody > tr > td > .badge.informative");
-  await expect(lowRows).toHaveCount(0);
-});
diff --git a/tests/summary-pnpm.spec.js b/tests/summary-pnpm.spec.js
new file mode 100644
index 0000000..138b0eb
--- /dev/null
+++ b/tests/summary-pnpm.spec.js
@@ -0,0 +1,42 @@
+// @ts-check
+const { test, expect } = require("@playwright/test");
+
+test.beforeEach(async ({ page }) => {
+  await page.goto("pnpm-audit-v10.html");
+});
+
+test("has the expected title", async ({ page }) => {
+  await expect(page).toHaveTitle(/playwright-test/);
+});
+
+test("reports the total number of vulnerabilities", async ({ page }) => {
+  await expect(page.getByText("Total: 3")).toBeVisible();
+});
+
+test("displays the number of vulnerable dependencies", async ({ page }) => {
+  await expect(page.getByText("Dependencies: 3")).toBeVisible();
+});
+
+test("displays the date when the report was last updated", async ({ page }) => {
+  await expect(page.getByText(/\d{2} of [A-Za-z]+, \d{4} - \d{2}:\d{2}:\d{2}/)).toBeVisible();
+});
+
+// test("displays the number of critical vulnerabilities", async ({ page }) => {
+//   await expect(page.getByText("Critical: 4")).toBeVisible();
+// });
+
+// test("displays the number of high vulnerabilities", async ({ page }) => {
+//   await expect(page.getByText("High: 30")).toBeVisible();
+// });
+
+test("displays the number of moderate vulnerabilities", async ({ page }) => {
+  await expect(page.getByText("Moderate: 2")).toBeVisible();
+});
+
+test("displays the number of low vulnerabilities", async ({ page }) => {
+  await expect(page.getByText("Low: 1")).toBeVisible();
+});
+
+// test("displays the number of informative vulnerabilities", async ({ page }) => {
+//   await expect(page.getByText("Informative: 0")).not.toBeVisible();
+// });
\ No newline at end of file
diff --git a/tests/summary-v10.spec.js b/tests/summary-v10.spec.js
index e9ff6dc..6782f37 100644
--- a/tests/summary-v10.spec.js
+++ b/tests/summary-v10.spec.js
@@ -2,7 +2,7 @@
 const { test, expect } = require("@playwright/test");
 
 test.beforeEach(async ({ page }) => {
-  await page.goto("npm-audit-v10.html");
+  await page.goto("npm-audit-node-v10.html");
 });
 
 test("has the expected title", async ({ page }) => {
diff --git a/tests/summary-v16.spec.js b/tests/summary-v16.spec.js
index 90fa51e..03c8679 100644
--- a/tests/summary-v16.spec.js
+++ b/tests/summary-v16.spec.js
@@ -2,7 +2,7 @@
 const { test, expect } = require("@playwright/test");
 
 test.beforeEach(async ({ page }) => {
-  await page.goto("npm-audit-v16.html");
+  await page.goto("npm-audit-node-v16.html");
 });
 
 test("has the expected title", async ({ page }) => {

From 623da62e8a2d36eaae2af9ed59439ecbd85847e9 Mon Sep 17 00:00:00 2001
From: TaylorHo <taylor@hotay.dev>
Date: Wed, 7 May 2025 11:15:08 -0300
Subject: [PATCH 2/4] docs: improved usage description for new tools

---
 README.md    | 78 ++++++++++++++++++++++++++++------------------------
 src/index.js |  2 +-
 2 files changed, 43 insertions(+), 37 deletions(-)

diff --git a/README.md b/README.md
index 5124ab3..a2d7fd6 100644
--- a/README.md
+++ b/README.md
@@ -12,71 +12,77 @@ A convenient tool to **export npm audit results** to a comprehensive **offline H
 
 > Inspired by [npm-audit-html](https://www.npmjs.com/package/npm-audit-html), but with more Node.js versions supported, offline support and lightweight ⚡
 
+## Table of Contents
+
+- [Main Features](#main-features)
+- [Compatibility](#compatibility)
+- [Supported Audit Tools](#supported-audit-tools)
+- [Installation](#installation)
+- [Usage](#usage)
+- [Contributing](#contributing)
+- [Download](#download)
+- [License](#license)
+
 ## Main Features
 
-- Lightweight & Efficient
-- Fully Offline Functionality
-- Advanced Filters, Search, and Ordering
-- Tags Filtering Supported
-- Supports projects since Node v10
-- Download results as CSV or JSON
+- **Lightweight & Efficient**
+- **Fully Offline Functionality**
+- **Advanced Filters, Search, and Ordering**
+- **Tags Filtering Supported**
+- **Supports projects since Node v10**
+- **Download results as CSV or JSON**
 
 ## Compatibility
 
-**This package is compatible with Node.js versions 10 through 22, as well as future versions.**
+**This package supports Node.js versions 10 through 22, as well as future versions.**
+
+## Supported Audit Tools
 
-The syntax remains consistent with the earlier version 1.0.0; however, it's advisable to always use the latest version, as it offers numerous new features and enhancements.
+This tool processes the JSON output from your audit tool. It works with:
+
+- `npm audit --json`
+- `pnpm audit --json`
+- `yarn audit --json`
 
 ## Installation
 
-Install globally using npm, pnpm or yarn:
+Install globally using your preferred package manager:
 
 ```bash
 npm install -g audit-export
-```
-
-```bash
 pnpm install -g audit-export
-```
-
-```bash
 yarn global add audit-export
 ```
 
 ## Usage
 
-The tool is packed with a help function to see the usage ways. To see it, just pass the `--help` option.
-
-There are some breaking changes in the usage syntax between versions <=3 and >=4. [See the upgrading guide](#usage-syntax-breaking-changes).
+Pipe the JSON output from your audit command into `audit-export`:
 
-The simplest usage is as the following:
-
-Note: All examples can change `npm audit --json` by the alternative tools `pnpm audit --json` or `yarn audit --json`.
-
-```
+```bash
 npm audit --json | audit-export
+pnpm audit --json | audit-export
+yarn audit --json | audit-export
 ```
 
-But with more customizations you can use it in two different main ways:
+Customize the output path and HTML title:
 
-```
-npm audit --json | audit-export --path <path> --title <HTML_file_title>
+```bash
+npm audit --json | audit-export --path <output_path> --title <report_title> [--open]
 ```
 
-or:
+- `--path`: output file or directory (default: `./audit-report.html`)
+- `--title`: HTML report title (default: `NPM Audit Report`)
+- `--open`: automatically open the report in your default browser
 
-```
-npm audit --json | audit-export <path>
-```
-
-For all options you can pass the `--open` parameter to automatically open the report in the default browser.
-The `<path>` part can be just a folder, just a file, or a folder with file path. Can be relative or full. It will work using the defaults when needed.
+For all options and advanced usage, run:
 
-<sub><strong>All parameters are optional.</strong><br/>By default it will use <i>the current folder</i>, <i>"audit-report.html"</i> as file name, and <i>"NPM Audit Report"</i> as title.</sub>
+```bash
+audit-export --help
+```
 
-## Usage syntax breaking changes
+## Usage Syntax Breaking Changes
 
-In versions **lower or equal than 3**, folder and file where separated parameters. **After version 4** both were merged into a single `--path` parameter, that can be the folder, the file, or both. Previously it was `--folder` and `--file`, now removed parameters.
+In versions **lower or equal than 3**, folder and file were separate parameters. **After version 4** both were merged into a single `--path` parameter, that can be the folder, the file, or both. Previously it was `--folder` and `--file`, now removed parameters.
 
 ## Contributing
 
diff --git a/src/index.js b/src/index.js
index 1b0cb53..ee2ca50 100755
--- a/src/index.js
+++ b/src/index.js
@@ -17,7 +17,7 @@ const OPTIONS = {
 };
 
 const HELP_TEXT =
-	"\n  Usage:\n\n    // Option 1\n    $ npm audit --json | audit-export\n\n    // Option 2\n    $ npm audit --json | audit-export <path>\n\n    // Option 3\n    $ npm audit --json | audit-export --path <path> --title <title of the HTML report>\n\n    // <path> can be a folder path or a html file path,\n    // this way you can choose the location and the file name\n\n    // All parameters are optional\n    // Use --open to automatically open the report in the default browser\n";
+	'\n  Usage:\n\n    $ npm audit --json | audit-export [--path <output_path>] [--title <report_title>] [--open]\n\n    Supported package managers:\n    $ npm/pnpm/yarn audit --json | audit-export\n\n    Parameters:\n    --path    Output file or directory path (default: ./audit-report.html)\n    --title   HTML report title (default: NPM Audit Report)\n    --open    Automatically open the report in your default browser\n\n    Examples:\n    $ npm audit --json | audit-export\n    $ npm audit --json | audit-export --path ./reports/security.html\n    $ npm audit --json | audit-export --title "Project Security Report" --open\n';
 
 /**
  * Processes the input data and writes it to the specified file or folder.

From 3fb16d2df71908729361a804d3d16ecd19862bb3 Mon Sep 17 00:00:00 2001
From: TaylorHo <taylor@hotay.dev>
Date: Wed, 7 May 2025 11:29:12 -0300
Subject: [PATCH 3/4] docs: readme tags and sponsor logo

---
 README.md | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index a2d7fd6..e1151f3 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,30 @@
 # Npm Audit Export 🕵️‍♂️
 
-[![npm version](https://img.shields.io/npm/v/audit-export?style=flat-square)](https://www.npmjs.com/package/audit-export)
-[![npm downloads](https://img.shields.io/npm/dy/audit-export?style=flat-square)](https://www.npmjs.com/package/audit-export)
+<p align="center">
+  <a href="https://www.hotay.dev">
+    <picture>
+        <source media="(prefers-color-scheme: dark)" srcset="https://www.hotay.dev/logo/logo-light.svg" width="150">
+        <source media="(prefers-color-scheme: light)" srcset="https://www.hotay.dev/logo/logo-dark.svg" width="150">
+        <img alt="Hotay Logo" src="https://www.hotay.dev/logo/logo-dark.svg" width="150">
+    </picture>
+  </a>
+</p>
+
+<p align="center">
+  A <a href="https://www.hotay.dev">Hotay</a> project. If you like our work, please <a href="https://github.com/hotaydev/">follow us on GitHub</a>!
+</p>
+
+<p align="center">
+  <a href="https://www.npmjs.com/package/audit-export">
+    <img src="https://img.shields.io/npm/v/audit-export?style=flat-square" alt="npm version">
+  </a>
+  <a href="https://www.npmjs.com/package/audit-export">
+    <img src="https://img.shields.io/npm/dy/audit-export?style=flat-square" alt="npm downloads">
+  </a>
+  <a href="https://github.com/hotaydev/audit-export/blob/main/LICENSE">
+    <img alt="GitHub License" src="https://img.shields.io/github/license/hotaydev/audit-export?style=flat-square">
+  </a>
+</p>
 
 A convenient tool to **export npm audit results** to a comprehensive **offline HTML page**, providing a clear overview of your project's vulnerabilities.
 

From 6ce65c11efeb869d921de62b9669a1cfbeb587d1 Mon Sep 17 00:00:00 2001
From: TaylorHo <taylor@hotay.dev>
Date: Thu, 8 May 2025 09:59:12 -0300
Subject: [PATCH 4/4] feat!: yarn support + tests linting + deduplication of
 findings

---
 .github/workflows/playwright.yml      |   3 +
 .playwright/fixtures/yarn-audit.jsonl |   4 +
 package.json                          |   5 +-
 src/index.js                          | 143 +++++++++++++++++++++++---
 src/template.ejs                      |   2 +-
 tests/summary-pnpm.spec.js            |  18 ++--
 tests/summary-v10.spec.js             |  24 +++--
 tests/summary-v16.spec.js             |  24 +++--
 tests/summary-yarn.spec.js            |  44 ++++++++
 9 files changed, 217 insertions(+), 50 deletions(-)
 create mode 100644 .playwright/fixtures/yarn-audit.jsonl
 create mode 100644 tests/summary-yarn.spec.js

diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 80aabd1..8dd8598 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -63,6 +63,9 @@ jobs:
       - name: Generate mock audit report for pnpm v10 (default options)
         run: cat ${{ github.workspace }}/.playwright/fixtures/pnpm-audit-v10.json | node ./src/index.js --path ${{ github.workspace }}/pnpm-audit-v10.html --title playwright-test
 
+      - name: Generate mock audit report for yarn (default options)
+        run: cat ${{ github.workspace }}/.playwright/fixtures/yarn-audit.jsonl | node ./src/index.js --path ${{ github.workspace }}/yarn-audit.html --title playwright-test
+
       - name: Run Playwright tests for ${{ matrix.browser }}
         env:
           WEB_BROWSER: ${{ matrix.browser }}
diff --git a/.playwright/fixtures/yarn-audit.jsonl b/.playwright/fixtures/yarn-audit.jsonl
new file mode 100644
index 0000000..84b60c9
--- /dev/null
+++ b/.playwright/fixtures/yarn-audit.jsonl
@@ -0,0 +1,4 @@
+{"type":"info","data":"No lockfile found."}
+{"type":"auditAdvisory","data":{"resolution":{"id":1102459,"path":"rspress>@rspress/core>react-syntax-highlighter>refractor>prismjs","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.27.0","paths":["rspress>@rspress/core>react-syntax-highlighter>refractor>prismjs","rspress>@rspress/core>@rspress/theme-default>react-syntax-highlighter>refractor>prismjs"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-53382\n- https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660\n- https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259\n- https://github.com/PrismJS/prism/pull/3863\n- https://github.com/PrismJS/prism/commit/8e8b9352dac64457194dd9e51096b4772532e53d\n- https://github.com/advisories/GHSA-x7hr-w5r2-h6wg","created":"2025-03-03T09:30:34.000Z","id":1102459,"npm_advisory_id":null,"overview":"Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.","reported_by":null,"title":"PrismJS DOM Clobbering vulnerability","metadata":null,"cves":["CVE-2024-53382"],"access":"public","severity":"moderate","module_name":"prismjs","vulnerable_versions":"<1.30.0","github_advisory_id":"GHSA-x7hr-w5r2-h6wg","recommendation":"Upgrade to version 1.30.0 or later","patched_versions":">=1.30.0","updated":"2025-03-10T22:19:23.000Z","cvss":{"score":4.9,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},"cwe":["CWE-94"],"url":"https://github.com/advisories/GHSA-x7hr-w5r2-h6wg"}}}
+{"type":"auditAdvisory","data":{"resolution":{"id":1102459,"path":"rspress>@rspress/core>@rspress/theme-default>react-syntax-highlighter>refractor>prismjs","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.27.0","paths":["rspress>@rspress/core>react-syntax-highlighter>refractor>prismjs","rspress>@rspress/core>@rspress/theme-default>react-syntax-highlighter>refractor>prismjs"]}],"found_by":null,"deleted":null,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-53382\n- https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660\n- https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259\n- https://github.com/PrismJS/prism/pull/3863\n- https://github.com/PrismJS/prism/commit/8e8b9352dac64457194dd9e51096b4772532e53d\n- https://github.com/advisories/GHSA-x7hr-w5r2-h6wg","created":"2025-03-03T09:30:34.000Z","id":1102459,"npm_advisory_id":null,"overview":"Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.","reported_by":null,"title":"PrismJS DOM Clobbering vulnerability","metadata":null,"cves":["CVE-2024-53382"],"access":"public","severity":"moderate","module_name":"prismjs","vulnerable_versions":"<1.30.0","github_advisory_id":"GHSA-x7hr-w5r2-h6wg","recommendation":"Upgrade to version 1.30.0 or later","patched_versions":">=1.30.0","updated":"2025-03-10T22:19:23.000Z","cvss":{"score":4.9,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"},"cwe":["CWE-94"],"url":"https://github.com/advisories/GHSA-x7hr-w5r2-h6wg"}}}
+{"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":0,"moderate":2,"high":0,"critical":0},"dependencies":372,"devDependencies":0,"optionalDependencies":0,"totalDependencies":372}}
diff --git a/package.json b/package.json
index dc1a809..6bda27b 100644
--- a/package.json
+++ b/package.json
@@ -7,13 +7,14 @@
     "audit-export": "src/index.js"
   },
   "scripts": {
-    "format": "npx @biomejs/biome check --write ./src/",
+    "format": "npx @biomejs/biome check --write ./src/ ./tests/",
     "prepare": "git init && git config --local core.hooksPath .hooks/",
     "playwright:install": "npx playwright install",
     "test:prepare:nodev10": "cat .playwright/fixtures/npm-audit-node-v10.json | node ./src/index.js --path ./npm-audit-node-v10.html --title playwright-test",
     "test:prepare:nodev16": "cat .playwright/fixtures/npm-audit-node-v16.json | node ./src/index.js --path ./npm-audit-node-v16.html --title playwright-test",
     "test:prepare:pnpmv10": "cat .playwright/fixtures/pnpm-audit-v10.json | node ./src/index.js --path ./pnpm-audit-v10.html --title playwright-test",
-    "pretest": "npm run playwright:install && npm run test:prepare:nodev10 && npm run test:prepare:nodev16 && npm run test:prepare:pnpmv10",
+    "test:prepare:yarn": "cat .playwright/fixtures/yarn-audit.jsonl | node ./src/index.js --path ./yarn-audit.html --title playwright-test",
+    "pretest": "npm run playwright:install && npm run test:prepare:nodev10 && npm run test:prepare:nodev16 && npm run test:prepare:pnpmv10 && npm run test:prepare:yarn",
     "test": "playwright test",
     "release": "commit-and-tag-version",
     "pre-release": "commit-and-tag-version --prerelease beta"
diff --git a/src/index.js b/src/index.js
index ee2ca50..7378b00 100755
--- a/src/index.js
+++ b/src/index.js
@@ -85,8 +85,26 @@ function writeOutput(options, path, data) {
  * @returns {string} - HTML content generated from the template.
  */
 function generateHtmlTemplateContent(options, data) {
+	// Handling yarn audit data - that is jsonl, not json
+	let tool;
+	let jsonData;
+	try {
+		jsonData = JSON.parse(data);
+		tool = data.advisories ? "pnpm" : "npm";
+	} catch (error) {
+		// Data couldn't be parsed as JSON, so it's a jsonl file
+		jsonData = JSON.parse(
+			`[${data
+				.split("\n")
+				.filter((line) => line.trim())
+				.join(",")}]`,
+		);
+
+		tool = "yarn";
+	}
+
 	const TEMPLATE = fs.readFileSync(join([__dirname, "template.ejs"]), "utf-8");
-	const vulnerabilities = getVulnerabilities(JSON.parse(data));
+	const vulnerabilities = getVulnerabilities(jsonData);
 	const packageJson = fs.readFileSync(
 		join([__dirname, "..", "package.json"]),
 		"utf-8",
@@ -109,6 +127,7 @@ function generateHtmlTemplateContent(options, data) {
 		vulnerabilities: vulnerabilities,
 		version: JSON.parse(packageJson).version ?? "Unknown",
 		packageLockLocation: join([process.cwd(), "package-lock.json"]),
+		tool: tool,
 	};
 
 	return ejs.render(TEMPLATE, templateData);
@@ -130,23 +149,83 @@ function countVulnerabilities(vulnerabilities, severity) {
  * @returns {Array} - Array of processed vulnerability objects.
  */
 function getVulnerabilities(data) {
+	let allVulns = [];
+
+	if (Array.isArray(data)) {
+		allVulns = getVulnerabilitiesFromYarnAudit(data);
+	} else if (data.vulnerabilities) {
+		allVulns = getVulnerabilitiesFromNpmAudit(data);
+	} else if (data.advisories) {
+		allVulns = getVulnerabilitiesFromPnpmAudit(data);
+	}
+
+	return deduplicateEntries(
+		allVulns.map((vuln) => processVulnerability(vuln)).filter((vuln) => vuln),
+	);
+}
+
+/**
+ * Extracts and processes vulnerability data from npm audit report.
+ *
+ * @param {Object} data - The npm audit report data.
+ * @returns {Array} - An array of processed vulnerability objects.
+ */
+function getVulnerabilitiesFromNpmAudit(data) {
 	const allVulns = [];
 
-	if (data.vulnerabilities) {
-		for (const pkg in data.vulnerabilities) {
-			for (const vulnerability of data.vulnerabilities[pkg].via) {
-				if (typeof vulnerability !== "string") {
-					allVulns.push({
-						...vulnerability,
-						isDirect: data.vulnerabilities[pkg].isDirect,
-						fixAvailable: data.vulnerabilities[pkg].fixAvailable,
-					});
-				}
+	for (const pkg in data.vulnerabilities) {
+		for (const vulnerability of data.vulnerabilities[pkg].via) {
+			if (typeof vulnerability !== "string") {
+				allVulns.push({
+					...vulnerability,
+					isDirect: data.vulnerabilities[pkg].isDirect,
+					fixAvailable: data.vulnerabilities[pkg].fixAvailable,
+				});
 			}
 		}
-	} else if (data.advisories) {
-		for (const vuln in data.advisories) {
-			const vulnerability = data.advisories[vuln];
+	}
+
+	return allVulns;
+}
+
+/**
+ * Extracts and processes vulnerability data from pnpm audit report.
+ *
+ * @param {Object} data - The pnpm audit report data.
+ * @returns {Array} - An array of processed vulnerability objects.
+ */
+function getVulnerabilitiesFromPnpmAudit(data) {
+	const allVulns = [];
+
+	for (const vuln in data.advisories) {
+		const vulnerability = data.advisories[vuln];
+
+		allVulns.push({
+			...vulnerability,
+			fixAvailable:
+				vulnerability.recommendation && vulnerability.patched_versions,
+			isDirect: vulnerability.findings.some((finding) =>
+				finding.paths.some((path) => (path.match(/>/g) || []).length === 1),
+			),
+		});
+	}
+
+	return allVulns;
+}
+
+/**
+ * Extracts and processes vulnerability data from yarn audit report.
+ *
+ * @param {Array} data - The yarn audit report data.
+ * @returns {Array} - An array of processed vulnerability objects.
+ */
+function getVulnerabilitiesFromYarnAudit(data) {
+	const allVulns = [];
+
+	for (const arrayItem of data) {
+		if (arrayItem.type === "auditAdvisory") {
+			const vulnerability = arrayItem.data.advisory;
+
 			allVulns.push({
 				...vulnerability,
 				fixAvailable:
@@ -158,9 +237,7 @@ function getVulnerabilities(data) {
 		}
 	}
 
-	return allVulns
-		.map((vuln) => processVulnerability(vuln))
-		.filter((vuln) => vuln);
+	return allVulns;
 }
 
 /**
@@ -195,6 +272,38 @@ function processVulnerability(vuln) {
 		};
 	}
 }
+/**
+ * Removes duplicate entries from an array of objects based on their keys and values.
+ *
+ * @param {Array} array - The array of objects to deduplicate.
+ * @returns {Array} - A new array with duplicate entries removed.
+ */
+function deduplicateEntries(array) {
+	return array.filter((item, index, self) => {
+		return (
+			index ===
+			self.findIndex((other) => {
+				const keys1 = Object.keys(item);
+				const keys2 = Object.keys(other);
+				if (keys1.length !== keys2.length) return false;
+
+				return keys1.every((key) => {
+					const val1 = item[key];
+					const val2 = other[key];
+
+					// Compare arrays
+					if (Array.isArray(val1) && Array.isArray(val2)) {
+						return (
+							val1.length === val2.length && val1.every((v, i) => v === val2[i])
+						);
+					}
+
+					return val1 === val2;
+				});
+			})
+		);
+	});
+}
 
 /**
  * Turn a string severity into the correspondent number
diff --git a/src/template.ejs b/src/template.ejs
index b6f0278..6842776 100644
--- a/src/template.ejs
+++ b/src/template.ejs
@@ -316,7 +316,7 @@
       <%= currentDate %>
     </h5>
     <h5 style=" margin-top: 10px;">Generated with <a href="https://www.npmjs.com/package/audit-export"
-        target="_blank">audit-export</a></h5>
+        target="_blank">audit-export</a>, using <strong><%= tool %></strong> report</h5>
   </div>
 
   <div class="info-categories">
diff --git a/tests/summary-pnpm.spec.js b/tests/summary-pnpm.spec.js
index 138b0eb..146a839 100644
--- a/tests/summary-pnpm.spec.js
+++ b/tests/summary-pnpm.spec.js
@@ -2,23 +2,25 @@
 const { test, expect } = require("@playwright/test");
 
 test.beforeEach(async ({ page }) => {
-  await page.goto("pnpm-audit-v10.html");
+	await page.goto("pnpm-audit-v10.html");
 });
 
 test("has the expected title", async ({ page }) => {
-  await expect(page).toHaveTitle(/playwright-test/);
+	await expect(page).toHaveTitle(/playwright-test/);
 });
 
 test("reports the total number of vulnerabilities", async ({ page }) => {
-  await expect(page.getByText("Total: 3")).toBeVisible();
+	await expect(page.getByText("Total: 3")).toBeVisible();
 });
 
 test("displays the number of vulnerable dependencies", async ({ page }) => {
-  await expect(page.getByText("Dependencies: 3")).toBeVisible();
+	await expect(page.getByText("Dependencies: 3")).toBeVisible();
 });
 
 test("displays the date when the report was last updated", async ({ page }) => {
-  await expect(page.getByText(/\d{2} of [A-Za-z]+, \d{4} - \d{2}:\d{2}:\d{2}/)).toBeVisible();
+	await expect(
+		page.getByText(/\d{2} of [A-Za-z]+, \d{4} - \d{2}:\d{2}:\d{2}/),
+	).toBeVisible();
 });
 
 // test("displays the number of critical vulnerabilities", async ({ page }) => {
@@ -30,13 +32,13 @@ test("displays the date when the report was last updated", async ({ page }) => {
 // });
 
 test("displays the number of moderate vulnerabilities", async ({ page }) => {
-  await expect(page.getByText("Moderate: 2")).toBeVisible();
+	await expect(page.getByText("Moderate: 2")).toBeVisible();
 });
 
 test("displays the number of low vulnerabilities", async ({ page }) => {
-  await expect(page.getByText("Low: 1")).toBeVisible();
+	await expect(page.getByText("Low: 1")).toBeVisible();
 });
 
 // test("displays the number of informative vulnerabilities", async ({ page }) => {
 //   await expect(page.getByText("Informative: 0")).not.toBeVisible();
-// });
\ No newline at end of file
+// });
diff --git a/tests/summary-v10.spec.js b/tests/summary-v10.spec.js
index 6782f37..f09cea0 100644
--- a/tests/summary-v10.spec.js
+++ b/tests/summary-v10.spec.js
@@ -2,41 +2,43 @@
 const { test, expect } = require("@playwright/test");
 
 test.beforeEach(async ({ page }) => {
-  await page.goto("npm-audit-node-v10.html");
+	await page.goto("npm-audit-node-v10.html");
 });
 
 test("has the expected title", async ({ page }) => {
-  await expect(page).toHaveTitle(/playwright-test/);
+	await expect(page).toHaveTitle(/playwright-test/);
 });
 
 test("reports the total number of vulnerabilities", async ({ page }) => {
-  await expect(page.getByText("Total: 6")).toBeVisible();
+	await expect(page.getByText("Total: 6")).toBeVisible();
 });
 
 test("displays the number of vulnerable dependencies", async ({ page }) => {
-  await expect(page.getByText("Dependencies: 4")).toBeVisible();
+	await expect(page.getByText("Dependencies: 4")).toBeVisible();
 });
 
 test("displays the date when the report was last updated", async ({ page }) => {
-  await expect(page.getByText(/\d{2} of [A-Za-z]+, \d{4} - \d{2}:\d{2}:\d{2}/)).toBeVisible();
+	await expect(
+		page.getByText(/\d{2} of [A-Za-z]+, \d{4} - \d{2}:\d{2}:\d{2}/),
+	).toBeVisible();
 });
 
 test("displays the number of critical vulnerabilities", async ({ page }) => {
-  await expect(page.getByText("Critical: 0")).not.toBeVisible();
+	await expect(page.getByText("Critical: 0")).not.toBeVisible();
 });
 
 test("displays the number of high vulnerabilities", async ({ page }) => {
-  await expect(page.getByText("High: 2")).toBeVisible();
+	await expect(page.getByText("High: 2")).toBeVisible();
 });
 
 test("displays the number of moderate vulnerabilities", async ({ page }) => {
-  await expect(page.getByText("Moderate: 4")).toBeVisible();
+	await expect(page.getByText("Moderate: 4")).toBeVisible();
 });
 
 test("displays the number of low vulnerabilities", async ({ page }) => {
-  await expect(page.getByText("Low: 0")).not.toBeVisible();
+	await expect(page.getByText("Low: 0")).not.toBeVisible();
 });
 
 test("displays the number of informative vulnerabilities", async ({ page }) => {
-  await expect(page.getByText("Informative: 0")).not.toBeVisible();
-});
\ No newline at end of file
+	await expect(page.getByText("Informative: 0")).not.toBeVisible();
+});
diff --git a/tests/summary-v16.spec.js b/tests/summary-v16.spec.js
index 03c8679..ab33bd0 100644
--- a/tests/summary-v16.spec.js
+++ b/tests/summary-v16.spec.js
@@ -2,41 +2,43 @@
 const { test, expect } = require("@playwright/test");
 
 test.beforeEach(async ({ page }) => {
-  await page.goto("npm-audit-node-v16.html");
+	await page.goto("npm-audit-node-v16.html");
 });
 
 test("has the expected title", async ({ page }) => {
-  await expect(page).toHaveTitle(/playwright-test/);
+	await expect(page).toHaveTitle(/playwright-test/);
 });
 
 test("reports the total number of vulnerabilities", async ({ page }) => {
-  await expect(page.getByText("Total: 54")).toBeVisible();
+	await expect(page.getByText("Total: 49")).toBeVisible();
 });
 
 test("displays the number of vulnerable dependencies", async ({ page }) => {
-  await expect(page.getByText("Dependencies: 36")).toBeVisible();
+	await expect(page.getByText("Dependencies: 36")).toBeVisible();
 });
 
 test("displays the date when the report was last updated", async ({ page }) => {
-  await expect(page.getByText(/\d{2} of [A-Za-z]+, \d{4} - \d{2}:\d{2}:\d{2}/)).toBeVisible();
+	await expect(
+		page.getByText(/\d{2} of [A-Za-z]+, \d{4} - \d{2}:\d{2}:\d{2}/),
+	).toBeVisible();
 });
 
 test("displays the number of critical vulnerabilities", async ({ page }) => {
-  await expect(page.getByText("Critical: 4")).toBeVisible();
+	await expect(page.getByText("Critical: 4")).toBeVisible();
 });
 
 test("displays the number of high vulnerabilities", async ({ page }) => {
-  await expect(page.getByText("High: 30")).toBeVisible();
+	await expect(page.getByText("High: 27")).toBeVisible();
 });
 
 test("displays the number of moderate vulnerabilities", async ({ page }) => {
-  await expect(page.getByText("Moderate: 17")).toBeVisible();
+	await expect(page.getByText("Moderate: 15")).toBeVisible();
 });
 
 test("displays the number of low vulnerabilities", async ({ page }) => {
-  await expect(page.getByText("Low: 3")).toBeVisible();
+	await expect(page.getByText("Low: 3")).toBeVisible();
 });
 
 test("displays the number of informative vulnerabilities", async ({ page }) => {
-  await expect(page.getByText("Informative: 0")).not.toBeVisible();
-});
\ No newline at end of file
+	await expect(page.getByText("Informative: 0")).not.toBeVisible();
+});
diff --git a/tests/summary-yarn.spec.js b/tests/summary-yarn.spec.js
new file mode 100644
index 0000000..c9deece
--- /dev/null
+++ b/tests/summary-yarn.spec.js
@@ -0,0 +1,44 @@
+// @ts-check
+const { test, expect } = require("@playwright/test");
+
+test.beforeEach(async ({ page }) => {
+	await page.goto("yarn-audit.html");
+});
+
+test("has the expected title", async ({ page }) => {
+	await expect(page).toHaveTitle(/playwright-test/);
+});
+
+test("reports the total number of vulnerabilities", async ({ page }) => {
+	await expect(page.getByText("Total: 1")).toBeVisible();
+});
+
+test("displays the number of vulnerable dependencies", async ({ page }) => {
+	await expect(page.getByText("Dependencies: 1")).toBeVisible();
+});
+
+test("displays the date when the report was last updated", async ({ page }) => {
+	await expect(
+		page.getByText(/\d{2} of [A-Za-z]+, \d{4} - \d{2}:\d{2}:\d{2}/),
+	).toBeVisible();
+});
+
+// test("displays the number of critical vulnerabilities", async ({ page }) => {
+//   await expect(page.getByText("Critical: 4")).toBeVisible();
+// });
+
+// test("displays the number of high vulnerabilities", async ({ page }) => {
+//   await expect(page.getByText("High: 30")).toBeVisible();
+// });
+
+test("displays the number of moderate vulnerabilities", async ({ page }) => {
+	await expect(page.getByText("Moderate: 1")).toBeVisible();
+});
+
+// test("displays the number of low vulnerabilities", async ({ page }) => {
+//   await expect(page.getByText("Low: 1")).toBeVisible();
+// });
+
+// test("displays the number of informative vulnerabilities", async ({ page }) => {
+//   await expect(page.getByText("Informative: 0")).not.toBeVisible();
+// });