Hacker News
by kaishiro 1814 days ago
As a security engineer, do you feel like the addition of npm audit is a net positive for the security of the npm ecosystem?
1 comment
efitz 1814 days ago
Net positive for awareness. Not sure I like the “force update with dependency that might break me”. NPM audit needs the ability to filter by severity and the ability for users to tune vuln severities per project.