Comment by dimitrisnl
2 days ago
I hate it with passion. It won't respect pinned versions in package.json. I have to explicitly exclude stuff. Be better.
2 days ago
I hate it with passion. It won't respect pinned versions in package.json. I have to explicitly exclude stuff. Be better.
Could you elaborate a little? Are you saying it should ignore vulnerable packages simply because you pinned it to a specific version? Or does it warn even if your specific version isn't vulnerable?