Gonçalo Valério @dethos

Be careful with the dependencies you include in your project. Examples like this:

blog.npmjs.org/post/1735268075

keep showing up. Using an automated tool to continuously check them might be a good strategy (an old post of mine listing some examples: blog.ovalerio.net/archives/129)

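The post recommends continuously checking dependencies with an automated tool. As an added illustration (not code from the post or from any tool the author links), the script below shows the core of what such a checker does: read the installed versions out of a lock file, compare each against an advisory's vulnerable version range, and fail the build when something matches. Both the lock-file fragment and the advisory entries are constructed stand-ins; real tools pull a live advisory feed and support the full semver range grammar, while this one handles only `<`, `<=`, `>`, `>=` and `=` comparators.

```python
"""Added example (not from the original post): a minimal, offline check of a
lock-file dependency list against a constructed advisory list.

Package names, versions, advisory ids and summaries below are made up for
illustration so the script runs without network access.
"""
import json
import re
from typing import Dict, List, Tuple

# Constructed stand-in for the "packages" section of an npm package-lock.json.
LOCKFILE_JSON = """
{
  "name": "demo-app",
  "packages": {
    "": {"version": "0.1.0"},
    "node_modules/left-strip": {"version": "1.2.3"},
    "node_modules/tiny-query": {"version": "4.0.1"},
    "node_modules/safe-lib": {"version": "2.5.0"}
  }
}
"""

# Constructed advisory feed. Each entry gives the vulnerable range using a
# small subset of semver range syntax: space-separated comparators that
# must all hold (">=a.b.c <d.e.f", "<d.e.f", ...).
ADVISORIES: List[dict] = [
    {"id": "EXAMPLE-ADV-0001", "package": "left-strip",
     "range": ">=1.0.0 <1.3.0", "summary": "constructed: fixed in 1.3.0"},
    {"id": "EXAMPLE-ADV-0002", "package": "tiny-query",
     "range": "<4.0.0", "summary": "constructed: fixed in 4.0.0"},
]

Version = Tuple[int, int, int]


def parse_version(v: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH' (a leading 'v' and any suffix are ignored)."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"unsupported version string: {v!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


_OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "=": lambda a, b: a == b,
}


def in_range(version: str, range_expr: str) -> bool:
    """True if `version` satisfies every comparator in `range_expr`."""
    v = parse_version(version)
    for token in range_expr.split():
        m = re.match(r"^(<=|>=|<|>|=)?(.+)$", token)
        op = m.group(1) or "="          # bare version means exact match
        bound = parse_version(m.group(2))
        if not _OPS[op](v, bound):
            return False
    return True


def installed_packages(lockfile_json: str) -> Dict[str, str]:
    """Map package name -> installed version from the lock file's 'packages'."""
    data = json.loads(lockfile_json)
    result: Dict[str, str] = {}
    for path, meta in data.get("packages", {}).items():
        if not path:                    # "" is the root project itself
            continue
        # Nested paths ("node_modules/a/node_modules/b") resolve to "b";
        # scoped names ("@scope/name") survive the split intact.
        name = path.rsplit("node_modules/", 1)[-1]
        result[name] = meta["version"]
    return result


def find_vulnerable(lockfile_json: str, advisories: List[dict]) -> List[dict]:
    """Return advisories whose vulnerable range matches an installed version."""
    installed = installed_packages(lockfile_json)
    hits = []
    for adv in advisories:
        ver = installed.get(adv["package"])
        if ver is not None and in_range(ver, adv["range"]):
            hits.append({**adv, "installed": ver})
    return hits


if __name__ == "__main__":
    findings = find_vulnerable(LOCKFILE_JSON, ADVISORIES)
    for f in findings:
        print(f"{f['id']}: {f['package']}@{f['installed']} matches "
              f"{f['range']} ({f['summary']})")
    # A CI job would use the exit status to block the build on any finding.
    raise SystemExit(1 if findings else 0)
```

Run on the constructed input it reports one finding (`left-strip@1.2.3` inside `>=1.0.0 <1.3.0`) and exits non-zero; `tiny-query@4.0.1` is above the fixed version and is skipped. Wiring the same check into CI on every commit, with a real advisory source behind it, is what turns the one-off review the post describes into the continuous check it recommends.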

@dethos Or far more common, libraries with security holes you can drive a truck through, like squel's (still not fixed afaik) failure to properly quote apostrophes under certain circumstances.