One caveat to keep in mind: Snyk's GitHub integration doesn't check devDependencies. In theory, we could have vulnerabilities that sneak in via flaws in emscripten, babel, etc. Apparently Snyk's CLI can check devDependencies, so I suppose we should make a habit of doing that every so often.
timkurvers
commented
6 years ago
One caveat to keep in mind: Snyk's GitHub integration doesn't check
devDependencies. In theory, we could have vulnerabilities that sneak in via flaws inemscripten,babel, etc. Apparently Snyk's CLI can checkdevDependencies, so I suppose we should make a habit of doing that every so often.Closes #16