Security audit examples
Security is a big thing, and quite a complicated topic.
It's very hard to keep track of Node packages, because there is no tool that tells you "This is a real security risk for you and your users".
What most tools tell you is that a package has a security issue, and it's up to you to decide how critical it is.
Even specialised tools like GitHub alerts for vulnerable dependencies or Snyk mostly generate tons of false-positive warnings, which are largely a waste of time.
At the time of writing, NRN comes with about 300 vulnerabilities of
That may sound like a lot, but you need to consider that most of those are minor vulnerabilities that are only exploitable in a development environment.
The above warning, for example, is based on the concurrently package, which is only used during development, when running the app in debug mode.
Low-level vulnerabilities, and rather focus on those that are more critical.
Even so, you'll notice that most of them aren't real vulnerabilities. The real vulnerabilities are probably hidden behind all that noise.
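As an added example (not NRN's own code), here is a small Node script that applies the triage rule above to an `npm audit --json` report: findings reachable only through devDependencies are set aside as noise, as are those below a chosen severity, so what remains is the list that actually needs attention. It assumes the npm 6 style report shape (`advisories` with `severity` and `findings[].dev`); the sample report, its ids, module names (other than concurrently) and versions are constructed placeholders.

```javascript
// Added example, not NRN's code. Assumes the npm 6 style `npm audit --json`
// shape: top-level `advisories`, each with `severity` and `findings[].dev`.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Splits a report into { actionable, noise }; each entry carries the reason.
function triageAudit(report, minSeverity = 'high') {
  const threshold = SEVERITY_RANK[minSeverity] || 0;
  const actionable = [];
  const noise = [];
  for (const adv of Object.values(report.advisories || {})) {
    const findings = adv.findings || [];
    // Dev-only when every dependency path that reaches the vulnerable version
    // goes through a devDependency: that code never ships to users.
    const devOnly = findings.length > 0 && findings.every((f) => f.dev === true);
    const entry = { id: adv.id, module: adv.module_name, severity: adv.severity };
    if (devOnly) {
      noise.push({ ...entry, reason: 'dev-only' });
    } else if ((SEVERITY_RANK[adv.severity] || 0) < threshold) {
      noise.push({ ...entry, reason: 'below-threshold' });
    } else {
      actionable.push({ ...entry, reason: 'production path' });
    }
  }
  return { actionable, noise };
}

// Constructed sample report: ids, versions and the "example-*" modules are
// placeholders, not real advisories. A module reachable from both a dev and a
// production path (1003) must NOT be treated as dev-only.
const SAMPLE_REPORT = {
  advisories: {
    1001: { id: 1001, module_name: 'concurrently', severity: 'high',
            findings: [{ version: '0.0.0-sample', paths: ['concurrently'], dev: true }] },
    1002: { id: 1002, module_name: 'example-prod-lib', severity: 'moderate',
            findings: [{ version: '0.0.0-sample', paths: ['example-prod-lib'], dev: false }] },
    1003: { id: 1003, module_name: 'example-shared-lib', severity: 'critical',
            findings: [
              { version: '0.0.0-sample', paths: ['some-dev-tool>example-shared-lib'], dev: true },
              { version: '0.0.0-sample', paths: ['example-shared-lib'], dev: false },
            ] },
  },
};

// Stand-alone run: print the triage of the constructed sample at the "high" threshold.
console.log(JSON.stringify(triageAudit(SAMPLE_REPORT, 'high'), null, 2));
```

To use it on a real project, replace SAMPLE_REPORT with `JSON.parse` of the `npm audit --json` output and check the `reason` field before dismissing anything.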
If you know of a better way to manage security in your app, don't hesitate to open a GitHub issue/discussion about it!