I'm no longer using David, as its flagging of certain deps as "insecure" is completely irrelevant and misleading in my case.
My app is a command-line development tool; it is only executed occasionally by a local user. David flags my app as being "insecure" due to a dep it has with a known XSS scripting vulnerability. This vulnerability is completely irrelevant in my case as the code is neither executed in an XSS nor server context. David flags my app as insecure despite there being no security issue. I get at least one issue/PR per week submitted about this so-called vulnerability and I'm tired of writing the same response.
Could the "insecure" flag be made optional?