Would be nice if package.json had a flag to indicate the runtime would be either... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		twistedpair on July 7, 2021 \| parent \| context \| favorite \| on: Npm Audit: broken by design? Would be nice if package.json had a flag to indicate the runtime would be either Node.js or a browser. So many of these "bugs" have no bearing in a browser context.

gforge on July 8, 2021 | [–]

The package.json should be able to actively ignore vulnerability id's. As id's disappear with audits the npm audit could just remove those, eg a "prune"

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact