README: use Snyk badge for deps security #1229
Conversation
|
Deploy request for cli accepted. Accepted with commit c3b745e https://app.netlify.com/sites/cli/deploys/5f6124b0f9a19700073e65b6 |
erezrokah
added
the
type: chore
|
It is redundant in a way, since Snyk provides both the value of security fixes, as well as general updates to keep your dependencies from a version drift. WRT to david-dm, while I don't think there was any formal announcement, the project seems stale and out of date since 2018, with some outages happening, and the What I could find is a reference such as issue 123 on https://github.com/alanshaw/david: The project being unmaintained isn't a bad thing on its own though, nor do "out of date" deps a bad thing. |
Is there a way to relay both security vulnerabilities information and out of date dependencies information in the Snyk badge?
Seems like there is some in progress work to bring the project up to speed by the maintainer: The repo for the site itself https://github.com/alanshaw/david-www needs some work, maybe it's pending alanshaw/david#172? |
|
Indeed we don't yet have a badge for out of date dependencies. It's not something to planned, so if you particularly need and want to badge this out then david-dm or alternatives. I wasn't really doing any DD on david-dm. Just browsed the repo a bit upon your ask on this and my memory of the project not being actively maintained. Good to keep as is if needed. I can update the PR to include both david-dm and the snyk badge to get both. |
Thank you for clarifying, until I can make a more informed decision it would be great to have both. |
|
Definitely. PR updated to include both 👍 |
- Summary
Replacing outdated david-dm's badge with Snyk's for security insights.
- Test plan
N/A
- Description for the changelog
docs(readme): use Snyk badge for deps security
- A picture of a cute animal (not mandatory but encouraged)