Hacker News
by enumjorge, 1814 days ago
The problem is, if a security vulnerability snaked past the maintainers of a project, what hope do I have as someone who consumes the package to a) catch it b) know how to fix it?
1 comments
cphoover, 1814 days ago
That's exactly the issue that npm-audit seeks to ameliorate. It's not perfect, but it's better than nothing.