by gitgud 1814 days ago
Agreed, you shouldn't see low risk security warnings by default, they're more appropriate for larger projects, with something to lose.

The [1] yarn package manager is much nicer to work with in many more ways.

[1] https://classic.yarnpkg.com/en/

1 comments

TFA identifies "high risk" false positives too, so this response doesn't seem to have anything to do with the problem as stated by TFA.