all InfoSec news
Investigate GitHub Dependabot patches for npm packages
DEV Community dev.to
TL;DR use Dependabot if you are using GitHub.
Dependabot alerts can give you a superpower – the ability to secure your project by keeping dependency-based vulnerabilities out of your code.
It can be a little bit overwhelming to keep track of all the package dependencies in a TypeScript/JavaScript application. Lets play with a dummy project to see what we can do.
mkdir hello-cdk && cd hello-cdk
cdk init app --language typescript
Now we will have a package.json that looks like …
100daystooffload alerts application code dependabot dependencies dependency github javascript npm package packages patches play project track typescript vulnerabilities