
Once a dependency turns into a security vulnerability, you can either replace it, or write your own library like I suggested. It's more cost effective and time efficient than writing your own libraries from scratch for every project.

For example, I'd rather install React Router for routing in a React app instead of writing my own routing library. I guess some people will reply "grrr React, just use static HTML bro". Okay cool.



> Once a dependency turns into a security vulnerability

How will you know if/when that happens?

Are you subscribed to the development channels of all your dependencies? Do you examine every one of their commits for security fixes?



