[dimitrisnl]

I hate it with passion. It won't respect pinned versions in package.json. I have to explicitly exclude stuff. Be better.

[worksonmine]

Could you elaborate a little? Are you saying it should ignore vulnerable packages simply because you pinned it to a specific version? Or does it warn even if your specific version isn't vulnerable?