Log in to continue
We're a place where coders share, stay up-to-date and grow their careers.
DEV is a community of 469,958 amazing developers
We're a place where coders share, stay up-to-date and grow their careers.
We're a place where coders share, stay up-to-date and grow their careers.
re: When not to use package-lock.json VIEW POST
FULL DISCUSSIONI think this is like a double edge sword if some dependency in my package's tree is updated with a vulnerable package. That would directly affect my package. The same thing that happened with event-stream snyk.io/blog/malicious-code-found-...