undefined | Better HN

0 pointsshortrounddev26mo ago0 comments

it's interesting that staying up to date with your dependencies is considered a vulnerability in Node

0 comments

Having a cooldown is different from never updating. I don’t think waiting a few days is a bad security practice in any environment, node or otherwise.

vrighter6mo ago

But only if most of everyone else doesn't do so.

skwee3576mo ago

People who live on the edge of updates always risk vulnerabilities and incompatibility issues. It’s not about node, but anything software related.

j / k navigate · click thread line to collapse

0 comments

bichiliad6mo ago

Having a cooldown is different from never updating. I don’t think waiting a few days is a bad security practice in any environment, node or otherwise.

vrighter6mo ago

But only if most of everyone else doesn't do so.

skwee3576mo ago

People who live on the edge of updates always risk vulnerabilities and incompatibility issues. It’s not about node, but anything software related.

j / k navigate · click thread line to collapse