Security warning deluge from 'npm audit' is driving developers to distraction

Warm Braw Silver badge

This is strangely redolent..

... of the present England approach to coronavirus: the data looks bad so let's ignore it.

Frankly, if installation of an average npm package means trusting around 80 other packages there is something very wrong with the packaging structure and the alert overload is a clear warning of that. Given the amount of code you'd have to carefully analyse to claim that there is a 99+ per cent false positive rate, I'm not sure how credible that figure really is.

And this is not the only measure of the apparent fragility of this ecosystem.
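The "around 80 other packages" point above is easy to check for any project: the install closure is fully recorded in package-lock.json. The script below is an added example, not from the article or the commenter; it walks a constructed v3-style lockfile (the `packages` map, keyed by install path) the way Node resolves nested `node_modules`, and reports how many packages, and how many distinct name@version pairs, one direct dependency really drags in. Package names and versions in the embedded lockfile are invented for illustration.

```javascript
// Added example: count what "npm install" of one direct dependency actually pulls in,
// by walking a package-lock.json in the lockfileVersion 2/3 shape ("packages" map).
// The lockfile below is constructed for illustration, not taken from any real project.
const lock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "web-app-framework": "^1.0.0" } },
    "node_modules/web-app-framework": {
      version: "1.0.0",
      dependencies: { "http-helper": "^2.0.0", "template-engine": "^3.1.0" },
    },
    "node_modules/http-helper": {
      version: "2.0.0",
      dependencies: { "mime-lookup": "^1.0.0", minimist: "^1.2.0" },
    },
    "node_modules/template-engine": {
      version: "3.1.0",
      dependencies: { minimist: "^0.0.8" }, // older major, so npm nests a second copy
    },
    "node_modules/template-engine/node_modules/minimist": { version: "0.0.8" },
    "node_modules/minimist": { version: "1.2.5" },
    "node_modules/mime-lookup": { version: "1.0.0" },
  },
};

// Resolve `depName` as Node would from the package installed at `fromPath`:
// try the nearest nested node_modules first, then walk up towards the root.
function resolveDep(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = base === "" ? `node_modules/${depName}` : `${base}/node_modules/${depName}`;
    if (packages[candidate]) return candidate;
    if (base === "") return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Breadth-first closure over the lockfile graph, starting from the root package ("").
// Returns the sorted list of install paths that would end up on disk.
function transitiveClosure(lockfile) {
  const packages = lockfile.packages;
  const seen = new Set();
  const queue = [""];
  while (queue.length) {
    const p = queue.shift();
    const deps = Object.keys((packages[p] && packages[p].dependencies) || {});
    for (const d of deps) {
      const target = resolveDep(packages, p, d);
      if (target === null) throw new Error(`unresolved dependency ${d} from ${p || "<root>"}`);
      if (!seen.has(target)) {
        seen.add(target);
        queue.push(target);
      }
    }
  }
  return [...seen].sort();
}

// Collapse install paths to distinct name@version pairs: two copies of minimist are
// two different versions, each of which needs its own advisory check.
function distinctVersions(lockfile, closure) {
  const marker = "node_modules/";
  return closure
    .map((p) => `${p.slice(p.lastIndexOf(marker) + marker.length)}@${lockfile.packages[p].version}`)
    .sort();
}

const closure = transitiveClosure(lock);
console.log(`direct dependencies: ${Object.keys(lock.packages[""].dependencies).length}`);
console.log(`packages actually installed: ${closure.length}`);
console.log(distinctVersions(lock, closure).join("\n"));
```

Pointing `lock` at a real project's parsed package-lock.json (`JSON.parse(fs.readFileSync("package-lock.json"))`) gives the true trust surface of that project; the ratio of the second number to the first is what the commenter is getting at.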
