npm audit: broken by design ↦
Dan Abramov cuts right to the chase:
Have you heard the story about the boy who cried wolf? Spoiler alert: the wolf eats the sheep. If we don’t want our sheep to be eaten, we need better tools.
As of today,
npm audit
is a stain on the entire npm ecosystem. The best time to fix it was before rolling it out as a default. The next best time to fix it is now.
He goes on to lay out how it works, why it’s broken, and what changes he’s hoping to see.
Discussion
Sign in or Join to comment or subscribe