by laurent92
1693 days ago
I use `npm audit` (and maven-dependency-check) and I trust that vulnerabilities discovered by others are enough. I assume that if I were a sensitive institution, I would pay people to inspect those dependencies and discover vulnerabilities. The medium term would be to publish a bug bounty, so researchers are incentivized to find vulnerabilities.
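As an added illustration of how `npm audit` is usually made to do more than print a report (this is example code, not the commenter's setup, and it is not part of the original thread): the script below gates a CI job on `npm audit --json` output. The report it parses is a constructed sample, modelled on the `auditReportVersion: 2` shape that npm 7+ emits; the field names it reads (`vulnerabilities`, `severity`, `isDirect`, `via`, `fixAvailable`) are assumed from that format, and the package names and advisory URLs in the sample are placeholders, not real advisories.

```javascript
// Added example (not the commenter's code): fail a build on `npm audit --json`
// findings at or above a severity threshold, listing direct dependencies first.
// Report shape assumed from npm's auditReportVersion 2 JSON (npm 7+).
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Return the vulnerabilities at or above `threshold`, direct dependencies
// first and higher severities first, so the failure message is actionable.
function findBlocking(report, threshold = "high") {
  const min = SEVERITY_RANK[threshold];
  if (min === undefined) throw new Error(`unknown severity threshold: ${threshold}`);
  const vulns = Object.values(report.vulnerabilities || {});
  return vulns
    .filter((v) => SEVERITY_RANK[v.severity] >= min)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: Boolean(v.isDirect),
      // `via` mixes advisory objects and bare package names (transitive causes);
      // keep only the advisory references for the summary line.
      advisories: (v.via || [])
        .filter((x) => typeof x === "object")
        .map((x) => x.url || x.title),
      fixAvailable: v.fixAvailable !== false,
    }))
    .sort(
      (a, b) =>
        Number(b.direct) - Number(a.direct) ||
        SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]
    );
}

// Exit status for CI: 1 when anything blocking remains, 0 otherwise.
function auditExitCode(report, threshold = "high") {
  return findBlocking(report, threshold).length > 0 ? 1 : 0;
}

// One line per blocking finding, suitable for a CI log.
function formatBlocking(report, threshold = "high") {
  return findBlocking(report, threshold).map(
    (b) =>
      `${b.severity.padEnd(8)} ${b.name}${b.direct ? " (direct)" : ""}` +
      `${b.fixAvailable ? "" : " [no fix available]"} ${b.advisories.join(", ")}`
  );
}

// Constructed sample report: placeholder packages and URLs, not real advisories.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": {
      name: "example-parser",
      severity: "high",
      isDirect: true,
      via: [
        {
          title: "Prototype pollution in example-parser",
          url: "https://example.invalid/advisory/1",
          severity: "high",
        },
      ],
      effects: ["example-util"],
      range: "<2.0.0",
      nodes: ["node_modules/example-parser"],
      fixAvailable: true,
    },
    "example-util": {
      name: "example-util",
      severity: "low",
      isDirect: false,
      via: ["example-parser"],
      effects: [],
      range: "*",
      nodes: ["node_modules/example-util"],
      fixAvailable: false,
    },
  },
  metadata: {
    vulnerabilities: { info: 0, low: 1, moderate: 0, high: 1, critical: 0, total: 2 },
  },
};

module.exports = { findBlocking, auditExitCode, formatBlocking, SAMPLE_REPORT };
```

To wire it in, run `npm audit --json > audit.json` in the pipeline, `JSON.parse` that file, and `process.exit(auditExitCode(report, "high"))` after printing `formatBlocking(report, "high")`. The threshold is the policy knob the comment hints at: a team that only trusts community-reported advisories still has to decide which severities block a merge and which are tracked, and `npm audit --audit-level=high` encodes the same choice without the per-finding output.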