by remram 1814 days ago
This is not a vulnerability (i.e. security bug), it's an attack (i.e. malicious).
1 comments

It doesn't really matter what you call it; the problem is that there could be CVEs in your devDependencies that affect your production build, and pruning those dependencies after using them to create that build doesn't remove the risk.