npm audit: broken by design
Dan Abramov cuts right to the chase:
Have you heard the story about the boy who cried wolf? Spoiler alert: the wolf eats the sheep. If we don’t want our sheep to be eaten, we need better tools.
As of today, npm audit is a stain on the entire npm ecosystem. The best time to fix it was before rolling it out as a default. The next best time to fix it is now.
He goes on to lay out how it works, why it’s broken, and what changes he’s hoping to see.