Reply to post: Re: Elephant in the room ?

Security warning deluge from 'npm audit' is driving developers to distraction

Filippo Silver badge

Re: Elephant in the room ?

Exactly that. The reason we ended up never running the audit was that it took forever to make sure that all the warnings were false positives.

And the reason for that was that most of the warnings were about packages that none of us had ever even heard of, but were pulled as transitive dependencies. That means that, in order to make sure it's a false positive, you need to review the package, figure out what it does and how it does it and how the library you're using is using it in turn, and so on and so forth.

I don't see how it's a sustainable model. Me, I'm just steering clear of JS development any time I can help it, and charging twice as much when I can't.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021