-
Looking at the source, this warns if a require changes at all, and doesn't actually scan deps? Does this add anything that snyk.io and dependabot don't already do for us?
-
Actually, you are correct, it's very easy. All it does is alert the project when a require() function is being introduced with a dependency update. This might be an unsafe practice. Nothing complex. Thanks for your feedback Raula
-
We would like to recommend an action we created to help Open Source Projects, especially when dealing with code changes that might be unsafe when updating dependencies.
https://github.com/marketplace/actions/depsafe.
It's research in progress.
Asia and Raula.