by pmestha
1292 days ago
`npm audit` usually warns the developers at install time and is often ignored. Having an ESLint plugin gives active warnings related to the issues and also blocks pipelines wherever necessary. More than blocking pipelines, this plugin doesn't throw errors for an entire package if only certain methods are vulnerable. For example, in `lodash` only 3 methods are vulnerable. So, it would be wrong to flag the entire package as vulnerable; instead, only throw errors if the vulnerable methods are imported/used. That's why my ESLint plugin comes into the picture and feels much better than many other tools available.
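Added example, not pmestha's plugin or any code from the comment above: an ESLint rule written in the standard rule shape (`meta` plus `create(context)` returning node visitors) that does what the comment describes, reporting only when a method listed for a package is imported or called rather than flagging every import of the package. The `VULNERABLE_METHODS` table, the message text and the sample AST are constructed for the demo and are not real advisory data; the small `runRule` walker stands in for ESLint's own traversal so the file runs with plain `node` and no dependencies.

```javascript
// Added example (not pmestha's plugin or its code): an ESLint rule that reports
// only the listed methods of a package, not the package as a whole.
// VULNERABLE_METHODS is a constructed, hypothetical table for this demo, not real
// advisory data; a real plugin would load it from the advisory feed it tracks.
const VULNERABLE_METHODS = {
  lodash: new Set(["template", "merge", "set"]),
};

// Split a module specifier into package name and sub-path:
// "lodash/template" -> ["lodash", "template"], "@scope/pkg/x" -> ["@scope/pkg", "x"].
function splitSpecifier(source) {
  const parts = source.split("/");
  const n = source.startsWith("@") ? 2 : 1;
  return [parts.slice(0, n).join("/"), parts.slice(n).join("/")];
}

const rule = {
  meta: { type: "problem", docs: { description: "report use of methods with a known advisory" }, schema: [] },
  create(context) {
    // local name -> package, for `import _ from 'lodash'`, `import * as _ from 'lodash'`
    // and `const _ = require('lodash')`, so a later `_.template(...)` can be resolved.
    const namespaces = new Map();
    const report = (node, pkg, method) =>
      context.report({ node, message: `${pkg}.${method} has a known advisory; avoid it or upgrade` });

    // Shared by import and require(): a deep import of the method itself is reported,
    // each named import is checked, and a whole-package binding is remembered.
    function checkBinding(source, node, names, localName) {
      const [pkg, sub] = splitSpecifier(source);
      const bad = VULNERABLE_METHODS[pkg];
      if (!bad) return; // package not in the table: nothing to do
      if (sub) { if (bad.has(sub)) report(node, pkg, sub); return; }
      for (const { name, node: n } of names) if (bad.has(name)) report(n, pkg, name);
      if (localName) namespaces.set(localName, pkg);
    }

    return {
      ImportDeclaration(node) {
        const names = [], locals = [];
        for (const s of node.specifiers) {
          if (s.type === "ImportSpecifier") names.push({ name: s.imported.name, node: s }); // import { template } from 'lodash'
          else locals.push(s.local.name); // import _ from 'lodash' / import * as _ from 'lodash'
        }
        checkBinding(node.source.value, node, names, locals[0]);
      },
      VariableDeclarator(node) { // const _ = require('lodash') / const { template } = require('lodash')
        const init = node.init;
        if (!init || init.type !== "CallExpression" || init.callee.type !== "Identifier" ||
            init.callee.name !== "require" || init.arguments.length !== 1 || init.arguments[0].type !== "Literal") return;
        const names = node.id.type === "ObjectPattern"
          ? node.id.properties.filter((p) => p.type === "Property" && p.key.type === "Identifier").map((p) => ({ name: p.key.name, node: p }))
          : [];
        checkBinding(String(init.arguments[0].value), node, names, node.id.type === "Identifier" ? node.id.name : null);
      },
      MemberExpression(node) { // _.template(...) or _["template"](...)
        if (node.object.type !== "Identifier") return;
        const pkg = namespaces.get(node.object.name);
        if (!pkg) return;
        const p = node.property;
        const method = node.computed ? (p.type === "Literal" ? String(p.value) : null) : p.name;
        if (method && VULNERABLE_METHODS[pkg].has(method)) report(node, pkg, method);
      },
    };
  },
};

// Tiny driver standing in for ESLint's traversal: walks a hand-built ESTree AST in
// source order, dispatches each node type to the rule's visitor and collects messages.
function runRule(ast) {
  const messages = [];
  const visitors = rule.create({ report: (r) => messages.push(r.message) });
  (function walk(node) {
    if (visitors[node.type]) visitors[node.type](node);
    for (const v of Object.values(node)) {
      if (Array.isArray(v)) v.forEach((c) => c && typeof c.type === "string" && walk(c));
      else if (v && typeof v.type === "string") walk(v);
    }
  })(ast);
  return messages;
}

// Helpers to build the constructed sample AST (what a parser would emit) for:
//   import { template, map } from 'lodash';  import _ from 'lodash';
//   import tpl from 'lodash/template';        _.template(src); _.map(list, fn);
const id = (name) => ({ type: "Identifier", name });
const lit = (value) => ({ type: "Literal", value });
const member = (obj, prop) => ({ type: "MemberExpression", object: id(obj), property: id(prop), computed: false });
const call = (callee, ...args) => ({ type: "ExpressionStatement", expression: { type: "CallExpression", callee, arguments: args } });
const SAMPLE_AST = { type: "Program", body: [
  { type: "ImportDeclaration", source: lit("lodash"), specifiers: [
    { type: "ImportSpecifier", imported: id("template"), local: id("template") },
    { type: "ImportSpecifier", imported: id("map"), local: id("map") } ] },
  { type: "ImportDeclaration", source: lit("lodash"), specifiers: [{ type: "ImportDefaultSpecifier", local: id("_") }] },
  { type: "ImportDeclaration", source: lit("lodash/template"), specifiers: [{ type: "ImportDefaultSpecifier", local: id("tpl") }] },
  call(member("_", "template"), id("src")),
  call(member("_", "map"), id("list"), id("fn")),
] };

console.log(runRule(SAMPLE_AST).join("\n")); // three reports, all for lodash.template; _.map is silent
```

The sample yields three reports (the named import, the deep `lodash/template` import and the `_.template(...)` call) and none for `map`, which is the behaviour the comment argues for. The `namespaces` map is per-file state created inside `create`, which is how ESLint rules are expected to carry context between nodes; a real plugin would also want the advisory table to carry the affected version range and compare it against the installed package version before reporting.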