Nice write-up Pooya. Love seeing how developers further embrace Security ✨
I wanted to point out a nuance with regards to the relevancy of security fixes to package maintainers, and essentially those authoring libs and not end-user applications: whereas GitHub/Dependabot will update the lockfile directly, Snyk updates the package.json manifest as well, and so if a security fix for example is provided via a change from a nested dependency of, say, version 5.2.1 to 6.0.0, then this directly affects your end-users, as a next install will actually be grabbing the fixed nested dependency.
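The lockfile-versus-manifest nuance in the comment above, as an added example that is not part of the original comment or of Snyk's or Dependabot's own code: it models npm caret ranges (assumed to be written as ^x.y.z) and assumes, as npm does, that a library's package-lock.json is not published and so is ignored by consumers. The published versions and the fixed version are constructed for the scenario.

```javascript
// Added example, not code from the original comment or from Snyk/Dependabot.
// Assumes npm caret ranges written as ^x.y.z and that the library's
// package-lock.json is ignored by consumers (npm does not publish lockfiles).
function parseVersion(v) {
  const [major, minor, patch] = v.split('.').map(Number);
  return { major, minor, patch };
}

function cmp(a, b) {
  return a.major - b.major || a.minor - b.minor || a.patch - b.patch;
}

// ^x.y.z permits >= x.y.z and < the next bump of the left-most non-zero part.
function satisfiesCaret(range, version) {
  if (!range.startsWith('^')) throw new Error('only ^x.y.z ranges handled');
  const lo = parseVersion(range.slice(1));
  const hi = lo.major > 0 ? { major: lo.major + 1, minor: 0, patch: 0 }
    : lo.minor > 0 ? { major: 0, minor: lo.minor + 1, patch: 0 }
    : { major: 0, minor: 0, patch: lo.patch + 1 };
  const v = parseVersion(version);
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// What a downstream consumer gets on a fresh install of the library: the
// highest published nested-dependency version satisfying the manifest range.
function resolveForConsumer(manifestRange, published) {
  const ok = published.filter((v) => satisfiesCaret(manifestRange, v));
  ok.sort((a, b) => cmp(parseVersion(a), parseVersion(b)));
  return ok.length ? ok[ok.length - 1] : null;
}

// True if consumers end up at or above the first fixed version.
function consumerGetsFix(manifestRange, published, fixedVersion) {
  const got = resolveForConsumer(manifestRange, published);
  return got !== null && cmp(parseVersion(got), parseVersion(fixedVersion)) >= 0;
}

// Constructed scenario: the fix only exists in 6.0.0 of the nested dependency.
const PUBLISHED = ['5.2.1', '5.3.0', '6.0.0'];
const FIXED = '6.0.0';

function compareRemediations() {
  return {
    // Lockfile-only bump: manifest still says ^5.2.1, consumers resolve 5.3.0.
    lockfileOnly: consumerGetsFix('^5.2.1', PUBLISHED, FIXED),
    // Manifest bump to ^6.0.0: consumers now resolve 6.0.0.
    manifestBump: consumerGetsFix('^6.0.0', PUBLISHED, FIXED),
  };
}
```

The lockfile-only case is the trap for library authors: the library's own CI installs the fixed 6.0.0 from its lockfile, while every consumer still resolves 5.3.0.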