Should we report old versions of Javascript libraries? How frequently are they exploitable? #800
Comments
Ideally we should. We do so. There are a lot of malicious (and a few vulnerable) packages out there. You can have a look at this. There are a few utilities as well that might be easy to integrate.
Yes, it's crucial to prioritize security patches and stay vigilant against emerging threats in the JavaScript ecosystem. I think while reporting old versions of JavaScript libraries is important for maintaining security and performance, the exploitability of these outdated versions can vary based on factors such as library popularity, severity of vulnerabilities, and timely application of updates by developers.
You can refer to https://nvd.nist.gov/, where we can access detailed vulnerability descriptions, affected versions, and potential impact assessments for JavaScript libraries. This data source can help prioritize updates, assess risk levels, and stay informed about emerging threats in the JavaScript ecosystem.
No description provided.