Comment by 3np
2 years ago
> But luckily "npm audit" will warn us about 30 "high severity" ReDoS "high impact" "vulnerabilities" that can never realistically be triggered and are not really a "vulnerability" in the first place, let alone a "high impact" one.
Yeah, you want to be using a tool that lets you ignore/acknowledge specific entries.
`npm audit` is not an end-all-be-all.
Like and subscribe[0]: https://github.com/npm/rfcs/pull/18
https://www.npmjs.com/package/npm-audit-resolver
[0]: The bottom comment from Jan sums up what happens when Microsoft steps up...
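As an added example (not part of the comment above, and not code from npm or from npm-audit-resolver): a small triage script of the kind the comment is asking for. It consumes the JSON that `npm audit --json` emits, counts distinct advisories rather than affected packages, skips advisories that carry a current, documented acknowledgement, and reports only the rest. The report and the allowlist are constructed sample data with made-up package names and placeholder GHSA ids; the report shape follows npm's v7+ `auditReportVersion: 2` format as I know it, which is an assumption about npm's output.

```javascript
"use strict";
// Illustration code: triage `npm audit --json` output against an allowlist
// of acknowledged advisories. Not npm's or npm-audit-resolver's code.

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// CONSTRUCTED sample report (assumed to mirror npm's auditReportVersion 2
// layout). Package names and GHSA ids are placeholders, not real advisories.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-regex-lib": {
      name: "example-regex-lib", severity: "high", isDirect: false,
      via: [{
        source: 1000001, name: "example-regex-lib",
        title: "Inefficient Regular Expression Complexity",
        url: "https://github.com/advisories/GHSA-xxxx-xxxx-0001",
        severity: "high", range: "<2.0.0",
      }],
      effects: ["example-build-tool"], range: "<2.0.0",
      nodes: ["node_modules/example-regex-lib"], fixAvailable: true,
    },
    "example-build-tool": {
      name: "example-build-tool", severity: "high", isDirect: true,
      // A string entry in `via` means "vulnerable only through this dependency";
      // the advisory itself is listed under example-regex-lib above.
      via: ["example-regex-lib"],
      effects: [], range: "*",
      nodes: ["node_modules/example-build-tool"], fixAvailable: true,
    },
    "example-http-client": {
      name: "example-http-client", severity: "critical", isDirect: true,
      via: [{
        source: 1000002, name: "example-http-client",
        title: "Prototype Pollution",
        url: "https://github.com/advisories/GHSA-xxxx-xxxx-0002",
        severity: "critical", range: "<5.1.0",
      }],
      effects: [], range: "<5.1.0",
      nodes: ["node_modules/example-http-client"], fixAvailable: false,
    },
  },
};

// CONSTRUCTED allowlist keyed by advisory URL. Each acknowledgement records
// the reasoning, who decided, and an expiry so the decision is revisited.
const sampleAllowlist = {
  "https://github.com/advisories/GHSA-xxxx-xxxx-0001": {
    reason: "ReDoS in a build-time tool; the regex only sees trusted config strings",
    decidedBy: "appsec",
    expires: "2099-01-01",
  },
};

// One record per distinct advisory (object entries in `via`). String entries
// are skipped so a package pulled in through a vulnerable dependency does not
// inflate the count; the same URL is counted once even if several packages
// share it.
function collectAdvisories(report) {
  const seen = new Set();
  const out = [];
  for (const pkg of Object.values(report.vulnerabilities || {})) {
    for (const v of pkg.via) {
      if (typeof v !== "object" || v === null || seen.has(v.url)) continue;
      seen.add(v.url);
      out.push({
        url: v.url, source: v.source, title: v.title, severity: v.severity,
        package: pkg.name, isDirect: pkg.isDirect, fixAvailable: pkg.fixAvailable,
      });
    }
  }
  return out;
}

// Split advisories at or above minSeverity into acknowledged (allowlisted and
// not yet expired) and unacknowledged. An expired acknowledgement counts as
// unacknowledged and is flagged so the reviewer knows it needs re-triage.
function triage(report, allowlist, minSeverity = "low", now = new Date()) {
  const acknowledged = [];
  const unacknowledged = [];
  for (const adv of collectAdvisories(report)) {
    if (SEVERITY_RANK[adv.severity] < SEVERITY_RANK[minSeverity]) continue;
    const ack = allowlist[adv.url];
    if (ack && new Date(ack.expires) > now) {
      acknowledged.push({ ...adv, reason: ack.reason, decidedBy: ack.decidedBy });
    } else {
      unacknowledged.push({ ...adv, expiredAck: Boolean(ack) });
    }
  }
  return { acknowledged, unacknowledged };
}

// What a CI step would return: fail only when something is unacknowledged.
function exitCodeFor(result) {
  return result.unacknowledged.length > 0 ? 1 : 0;
}

const result = triage(sampleReport, sampleAllowlist, "moderate");
for (const a of result.acknowledged) {
  console.log(`ACK   ${a.severity.padEnd(8)} ${a.package}: ${a.title} (${a.reason})`);
}
for (const a of result.unacknowledged) {
  const tag = a.expiredAck ? "EXPIRED-ACK" : "OPEN";
  console.log(`${tag.padEnd(11)} ${a.severity.padEnd(8)} ${a.package}: ${a.title} ${a.url}`);
}
console.log(`exit code a CI wrapper would use: ${exitCodeFor(result)}`);
```

In a pipeline the report would come from `JSON.parse` of `npm audit --json` (npm exits nonzero when it finds anything, so capture its stdout rather than relying on its status), and the allowlist would live in the repository beside the lockfile so acknowledgements are reviewed in the same pull requests as dependency changes. Keying on the advisory URL rather than the package name keeps an acknowledgement from silently covering a new, unrelated advisory in the same package.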