by elmigranto
2984 days ago
Most likely only popular packages, forget about making `npm publish` a free security review (unless it runs custom eslint rules for stuff like regex backtracking, etc.). And probably only guarantee it for a particular version. And "guarantee" is probably too strong a word for it, unless there is a contract with some kind of liability attached. Same for "security": from the wording of it, they promise to notify about vulnerabilities, not to perform comprehensive audits.