I hate it with passion. It won't respect pinned versions in package.json. I have to explicitly exclude stuff. Be better.
Could you elaborate a little? Are you saying it should ignore vulnerable packages simply because you pinned it to a specific version? Or does it warn even if your specific version isn't vulnerable?
alt Hacker News
Could you elaborate a little? Are you saying it should ignore vulnerable packages simply because you pinned it to a specific version? Or does it warn even if your specific version isn't vulnerable?