Limitation
Only the packages named on the command line are checked; the transitive dependencies they pull in are not:
npm install clean-looking-package
# But clean-looking-package depends on vulnerable-dep
# We only check clean-looking-package
Difficulty: Design
Fixing this would require fetching package metadata from the registry and resolving the full dependency tree before the install proceeds.
Performance concern: the hook has a 10-15s timeout, and resolving a deep tree over the network may not fit in that budget.
Priority: Low
Fundamental limitation of the current design; high effort to fix.
Found in security audit 2024-01-06
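One way to close the gap without a network round trip per package, shown here as an added example rather than the audited hook's own code: npm already writes the fully resolved transitive tree into package-lock.json (lockfile v3, npm 7+), so a hook can walk the "packages" map and check every resolved package against a denylist, with a wall-clock budget so it degrades to a partial, flagged result instead of blowing the timeout. The lockfile contents, the denylist, the exact-version matching and the helper names are all assumptions constructed for this example.

```javascript
// Added example, not from the original audit or hook. Walks the resolved
// dependency tree recorded in a lockfile v3 "packages" map and checks every
// reachable package (transitive ones included) against a denylist.

// Constructed denylist: package name -> set of known-bad exact versions.
const VULNERABLE = {
  "vulnerable-dep": new Set(["1.0.0"]),
};

// Constructed sample lockfile (not from a real project). The root entry ""
// names the direct dependencies; nested entries hold resolved versions.
const SAMPLE_LOCK = {
  name: "app",
  lockfileVersion: 3,
  packages: {
    "": { name: "app", dependencies: { "clean-looking-package": "^2.0.0" } },
    "node_modules/clean-looking-package": {
      version: "2.1.0",
      dependencies: { "vulnerable-dep": "^1.0.0" },
    },
    "node_modules/vulnerable-dep": { version: "1.0.0" },
    // Present in the lockfile but not reachable from the root's dependencies.
    "node_modules/unrelated-tool": { version: "0.1.0", dev: true },
  },
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(key) {
  const i = key.lastIndexOf("node_modules/");
  return key.slice(i + "node_modules/".length);
}

// Mirror npm's lookup: from location `fromKey`, look for a nested
// node_modules/<dep> and walk upward toward the root until one is found.
function resolveDep(packages, fromKey, depName) {
  let base = fromKey;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + depName;
    if (packages[candidate]) return candidate;
    if (base === "") return null; // missing from the lockfile
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Breadth-first walk from the root's direct dependencies. Stops early and
// reports timedOut=true when the budget is exhausted, so the caller can fail
// closed (or warn) rather than hit the hook's hard timeout with no output.
function auditLock(lock, vulnerable, { budgetMs = 10000, now = Date.now } = {}) {
  const deadline = now() + budgetMs;
  const packages = lock.packages;
  const root = packages[""] || {};
  const queue = [];
  for (const dep of Object.keys(root.dependencies || {})) {
    const key = resolveDep(packages, "", dep);
    if (key) queue.push(key);
  }
  const seen = new Set();
  const findings = [];
  let timedOut = false;
  while (queue.length) {
    if (now() > deadline) {
      timedOut = true;
      break;
    }
    const key = queue.shift();
    if (seen.has(key)) continue;
    seen.add(key);
    const entry = packages[key];
    const name = packageName(key);
    if (vulnerable[name] && vulnerable[name].has(entry.version)) {
      findings.push({ name, version: entry.version, path: key });
    }
    for (const dep of Object.keys(entry.dependencies || {})) {
      const depKey = resolveDep(packages, key, dep);
      if (depKey) queue.push(depKey);
    }
  }
  return { checked: [...seen].map(packageName), findings, timedOut };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(auditLock(SAMPLE_LOCK, VULNERABLE), null, 2));
}
```

Because the walk is local, it comfortably fits the 10-15s window; the cost moves to producing the lockfile, which npm can do without installing anything via `npm install --package-lock-only`. The remaining caveat is that a lockfile only reflects versions already resolved, so the hook has to regenerate it (or refuse to run) when package.json has changed since the lockfile was written.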