Pacharapol Withayasakpunt

GitHub vulnerability reports are also notified on my abandoned repos

I don't have the time or drive to correct all of my old repos. What should I do with them?

Just accept suggested PRs? What about the possibility of breaking what is already working?

If it is a relatively popular repo, maybe I would try to correct it. But what if no one else uses it, and even I am not currently using it? Not all GitHub repos are published on NPM.

Also, is it just me, or do NPM packages usually have more vulnerabilities than, perhaps, Python's PyPI?
