DEV Community

Discussion on: Another Npm Package Is Highjacked and It's Your Fault That This Happened

The Sharp Ninja

Yes, but that has the opposite problem of ensuring that security holes live forever. Based on the vast majority of pull requests in my repositories being from Dependabot fixing security issues every night, I would say that this particular game of whack-a-mole will never end.