Automatically updating dependencies can be a bad practice but it doesn't have to be.
You are right. Having old dependencies can be bad. Doing the work takes time.
Some pitfalls can be:
1) You don't have any tests and you don't even know that your app/website is broken. Just because something builds does not mean that it works.
2) Testing the client code can be hard. You need to run e2e tests.
3) If it is only about security problems then you should use npm audit.
4) Dependencies can introduce breaking changes and you don't even know it.
So yeah, make sure you have a really good testing scenario before you automate dependency updating.