Ryan DeBeasi

It seems like lots of major GitHub repos (request, create-react-app, node-sass, Microsoft PXT) are getting warnings about the same potentially vulnerable npm dependency.

It's probably not a big problem and might even be a false positive, but either way it highlights how tricky security in the npm ecosystem can be.

github.com/request/request/iss
github.com/facebook/create-rea
