by 3np
680 days ago
> But luckily "npm audit" will warn us about 30 "high severity" ReDoS "high impact" "vulnerabilities" that can never realistically be triggered and are not really a "vulnerability" in the first place, let alone a "high impact" one.

Yeah, you want to be using a tool that lets you ignore/acknowledge specific entries. `npm audit` is not an end-all-be-all. Like and subscribe[0]:

https://github.com/npm/rfcs/pull/18

https://www.npmjs.com/package/npm-audit-resolver

[0]: The bottom comment from Jan sums up what happens when Microsoft steps up...
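Added example, not part of the comment above and not npm-audit-resolver's own code or file format: a sketch of what "acknowledging specific entries" can look like when filtering `npm audit --json` output (npm v7+ report shape). The acknowledgement format, package names and advisory URLs are constructed placeholders.

```javascript
// Gate CI on `npm audit --json` findings that nobody has explicitly acknowledged.
// Report shape follows npm v7+ (auditReportVersion 2).
const RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample report; package names and advisory URLs are placeholders.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "glob-helper": {
      severity: "high",
      via: [{ source: 1001, name: "glob-helper", title: "ReDoS in pattern parser",
              url: "https://example.invalid/advisories/PLACEHOLDER-0001", severity: "high" }],
    },
    "build-tool": { severity: "high", via: ["glob-helper"] }, // transitive: string entry
    "http-lib": {
      severity: "critical",
      via: [{ source: 1002, name: "http-lib", title: "Request smuggling",
              url: "https://example.invalid/advisories/PLACEHOLDER-0002", severity: "critical" }],
    },
  },
};

// Hypothetical acknowledgement list: every entry needs a reason and an expiry,
// so an ignored finding comes back for review instead of being silenced forever.
const acknowledged = [
  { url: "https://example.invalid/advisories/PLACEHOLDER-0001",
    reason: "dev-only dependency, pattern is never attacker-controlled",
    expires: "2030-01-01" },
];

function unacknowledged(report, acks, minSeverity = "high", now = new Date()) {
  const live = new Set(
    acks.filter((a) => a.reason && new Date(a.expires) > now).map((a) => a.url));
  const seen = new Set();
  const findings = [];
  for (const vuln of Object.values(report.vulnerabilities || {})) {
    for (const via of vuln.via || []) {
      // String entries only point at another package; the advisory object is
      // listed under that package, so skip them to avoid double counting.
      if (typeof via === "string" || seen.has(via.url)) continue;
      seen.add(via.url);
      if (RANK[via.severity] < RANK[minSeverity]) continue;
      if (!live.has(via.url)) findings.push({ pkg: via.name, title: via.title, url: via.url });
    }
  }
  return findings;
}

console.log(unacknowledged(sampleReport, acknowledged));
```

A CI step would exit non-zero when the returned array is non-empty; an expired or reason-less acknowledgement makes the finding block again.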