#dependencies
Stop Using Yarn Classic
5 min read
Yarn Classic is frozen, and its lack of recursive transitive updates is becoming a real liability in an era where CVEs land weekly. It's time to move on.
Protecting Against Compromised Packages with Minimum Release Age
6 min read
Leverage your package manager's minimum release age setting to delay the installation of freshly published versions and reduce the risk of pulling in a compromised package.
Minimizing Risk: Properly and Safely Resolving CVEs in Your Dependencies
10 min read
How to properly and safely update dependencies to resolve CVEs, while also gathering an understanding of how package managers handle dependencies.