README: use Snyk badge for deps security #1229
Deploy request for cli accepted. Accepted with commit c3b745e https://app.netlify.com/sites/cli/deploys/5f6124b0f9a19700073e65b6
Thanks @lirantal, seems like each badge can serve a different purpose, should we keep david and add snyk?
It is redundant in a way, since Snyk provides both the value of security fixes, as well as general updates to keep your dependencies from a version drift. WRT david-dm, while I don't think there was any formal announcement, the project seems stale and out of date since 2018, with some outages happening, and the What I could find is a reference such as issue 123 on https://github.com/alanshaw/david: The project being unmaintained isn't a bad thing on its own though, nor are "out of date" deps a bad thing.
Is there a way to relay both security vulnerabilities information and out of date dependencies information in the Snyk badge?
Seems like there is some in-progress work to bring the project up to speed by the maintainer: The repo for the site itself https://github.com/alanshaw/david-www needs some work, maybe it's pending alanshaw/david#172?
Indeed we don't yet have a badge for out of date dependencies. It's not something planned, so if you particularly need and want to badge this out then david-dm or alternatives. I wasn't really doing any DD on david-dm. Just browsed the repo a bit upon your ask on this and my memory of the project not being actively maintained. Good to keep as is if needed. I can update the PR to include both david-dm and the snyk badge to get both.
Thank you for clarifying, until I can make a more informed decision it would be great to have both.
Definitely. PR updated to include both 👍
- Summary
Replacing outdated david-dm's badge with Snyk's for security insights.
- Test plan
N/A
- Description for the changelog
docs(readme): use Snyk badge for deps security
- A picture of a cute animal (not mandatory but encouraged)