inspect for vulnerable dependencies
Constantly and automatically inspect for vulnerable dependencies
TL;DR: With the npm ecosystem it is common to have many dependencies for a project. Dependencies should always be kept in check as new vulnerabilities are found. Use tools like npm audit, nsp or snyk to track, monitor and patch vulnerable dependencies. Integrate these tools with your CI setup so you catch a vulnerable dependency before it makes it to production.
Otherwise: An attacker could detect your web framework and attack all its known vulnerabilities.
TL;DR: With the npm ecosystem it is common to have many dependencies for a project. Dependencies should always be kept in check as new vulnerabilities are found. Use tools like npm audit, nsp or snyk to track, monitor and patch vulnerable dependencies. Integrate these tools with your CI setup so you catch a vulnerable dependency before it makes it to production.
Otherwise: An attacker could detect your web framework and attack all its known vulnerabilities.
Comments
Post a Comment