re: When not to use package-lock.json


I think this is like a double-edged sword: if some dependency in my package's tree is updated with a vulnerable package, that would directly affect my package. The same thing happened with event-stream: snyk.io/blog/malicious-code-found-...
