How do you cope with the issues of libraries having security vulnerabilities but there's no fix yet? With open source packages this might even be more apparent than ever. Maintainers are rightfully not in any contract to provide you support, yet you rely on third-party software by volunteers.

In this piece I want to show you how we've adopted surgical patches to help remove this burden and risk from users.

https://snyk.io/blog/staying-ahead-of-security-vulnerabilities-with-security-patches/

Disclaimer, as I noted in the post's title, I'm a developer advocate at Snyk and this is a story about how we're able to protect projects, such as the recent case with lodash, where vulnerabilities are known yet fixes are overdue, and millions of projects are waiting for a fix.

You might also find some bits of how npm lifecycle events work that you didn't know of before ;-)
Submitted August 01, 2019 at 07:15PM by lirantal