Well, from recent experience they could make “npm audit” usable without having to use a third party library like “better npm audit”. There’s no filtering or configuration at all. There are so many unimportant or irrelevant vulnerabilities reported that I have no doubt that people just ignore auditing because they don’t consider the 1000 high severity DoS vulnerabilities they can’t ignore relevant for their CLI app. =/
The tradeoff for security is usability and the worse the usability gets the more people fight back against it.
https://www.npmjs.com/package/better-npm-audit
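Added example, not code from the comment above or from better-npm-audit: a small filter over the JSON that `npm audit --json` (npm 7+) prints, applying a severity threshold and an allowlist so that accepted findings stop drowning the rest. The option names (`minSeverity`, `allow`), the package names and the advisory URLs in the sample are all constructed here.

```javascript
// Ranks npm's severity strings so a threshold can be applied.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// report: parsed `npm audit --json` output. Its `vulnerabilities` map is keyed
// by package name; each entry carries `severity`, `isDirect`, `fixAvailable`
// and `via`, where `via` holds advisory objects for root causes and package
// name strings for transitive paths. `opts` names are chosen here, not npm's.
function filterAudit(report, opts = {}) {
  const min = SEVERITY_RANK[opts.minSeverity ?? "low"];
  const allow = new Set(opts.allow ?? []);
  const kept = {};
  for (const [name, vuln] of Object.entries(report.vulnerabilities ?? {})) {
    if ((SEVERITY_RANK[vuln.severity] ?? 0) < min) continue;
    if (allow.has(name)) continue;
    // Drop a finding only when every root-cause advisory on it is allowlisted.
    const advisories = (vuln.via ?? []).filter((v) => typeof v === "object");
    if (advisories.length > 0 && advisories.every((a) => allow.has(a.url))) continue;
    kept[name] = vuln;
  }
  return kept;
}

// One line per surviving finding, suitable for a CI log.
function formatFindings(kept) {
  return Object.entries(kept).map(([name, v]) => {
    const causes = (v.via ?? []).map((x) => (typeof x === "object" ? x.title : `via ${x}`));
    const fix = v.fixAvailable ? "fix available" : "no fix";
    return `${v.severity.toUpperCase()} ${name}${v.isDirect ? " (direct)" : ""}: ${causes.join("; ")} [${fix}]`;
  });
}

// Constructed sample shaped like npm's output; names and URLs are placeholders.
const SAMPLE_REPORT = {
  vulnerabilities: {
    "pkg-a": { severity: "high", isDirect: false, fixAvailable: true,
      via: [{ title: "Regular expression DoS", url: "https://example.invalid/advisory/1", severity: "high" }] },
    "pkg-b": { severity: "critical", isDirect: true, fixAvailable: false,
      via: [{ title: "Prototype pollution", url: "https://example.invalid/advisory/2", severity: "critical" }] },
    "pkg-c": { severity: "critical", isDirect: false, fixAvailable: false, via: ["pkg-b"] },
    "pkg-d": { severity: "low", isDirect: false, fixAvailable: true,
      via: [{ title: "Information exposure", url: "https://example.invalid/advisory/3", severity: "low" }] },
  },
};

// Accept advisory 1 (a ReDoS judged irrelevant for this app) and ignore anything below high.
const triaged = filterAudit(SAMPLE_REPORT, { minSeverity: "high", allow: ["https://example.invalid/advisory/1"] });
console.log(formatFindings(triaged).join("\n"));
```

To use it on a real project, replace `SAMPLE_REPORT` with `JSON.parse(require("fs").readFileSync(0, "utf8"))` and pipe `npm audit --json` into the script; keep the allowlist in version control next to the reason each entry was accepted.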