[SUPPLY-CHAIN] Improve Javascript Dependency Update Process for Better Security and Maintainability - Githubissues

superfluid-finance / protocol-monorepo

Superfluid Protocol Monorepo: the specification, implementations, peripherals and development kits.

https://www.superfluid.finance

Other

875 stars 238 forks source link

[SUPPLY-CHAIN] Improve Javascript Dependency Update Process for Better Security and Maintainability #1869

Open hellwolf opened 2 years ago

hellwolf commented 2 years ago

As a development process developer, software supply chain integrity of Superfluid development process should be improved for Javascript projects (inc. NodeJS, Typescripts) to improve maintainability and security.

Checklist

[ ] Setup scheduled dependency updates
[ ] Enable dependabot with practical configuration that doesn't create excessive noise

Notes

kasparkallas commented 1 year ago

Look into Snyk.