Some code hosts (like GitHub) will automatically alert you when there is a dependency for your project with a reported vulnerability.
This is a great feature; I've used it in a couple of libraries I created and maintain. Really helpful.
It is definitely important to be thinking about these issues, and then carefully considering risk/reward tradeoffs rather than just assuming one way or another.
Totally agree. This is something I often tell my friends and colleagues, not just about the security of the dependency, but also about the limitations that library might have in the future, and what I call the "using a chainsaw to cut a twig" syndrome.