Comment by tonymet

24 days ago

Slowly walking through a minefield isn't any safer than running.

So unless you’re saying the extra time will be spent inspecting every package, whenever you do update, you will be getting an insecure package.

You’re not safe by dodging axios. There are currently thousands of breached packages ready to install that aren’t notable.

"I'll run npm install after checking twitter" won't help.

Most packages don't become unsafe just because they were released a week ago.