Comment by lrvick
2 months ago
I have built and shipped production web applications for many large orgs with millions of users. Used 1-2 libs tops that I reviewed myself.
Also now as someone that runs a security consulting firm, we absolutely have clients that review 100% of dependencies even when it is expensive.
Both are valid options.
Normalized negligence is still negligence.