loading...

Discussion on: Fixing NPM Dependencies Vulnerabilities

Collapse
mnf profile image
Michael Freidgeim

Is it ok to ignore vulnerabilities in dev dependencies? In your particular example jest is used for tests, how the vulnerabilities in jest could cause the risks in production site? Should we spend time to fix vulnerabilities in dev packages?