It seems like including so many 3rd party libraries could introduce vulnerabilities, especially if developers don't take the time to manually review them before including them, or don't keep them updated.
Would it be a good idea to incorporate the nsp tool from the Node Security Project (or something similar) into the build task?