DEV Community


Discussion on: When not to use package-lock.json

Nimit Aggarwal

I think this is like a double-edged sword if some dependency in my package's tree is updated with a vulnerable package. That would directly affect my package. The same thing happened with event-stream.