When one open-source package riddled with vulns pulls in dozens of others, what’s a dev to do?

Snyk survey puts cross-site scripting top of the list for security holes – but watch out for prototype pollution too

Open-source security specialist Snyk has released a new survey combining data on vulnerabilities in available packages with responses from developers and DevOps teams about how they handle the challenge this

Source: Theregister.co.uk/security / Article: "When one open-source package riddled with vulns pulls in dozens of others, what's a dev to do?"