DEV Community

Discussion on: So you think you're just gonna `npm install`? Think again

lirantal profile image
Liran Tal Author

Sounds good.

If I could help you in getting started with Snyk for auditing, monitoring etc I'd be more than happy to connect over DM or something.

One point that stands out is, while your pipeline checks for vulnerabilities, if you didn't deploy/run CI for say 2 weeks, and during this time a vulnerability was disclosed, then you wouldn't catch it, where-as with Snyk we constantly monitor your package manifest snapshots, alert, and open PRs that automatically fix and relock the relevant lockfile.