


So the first step is to check whether your dependencies are really used. What are they used for? Do you really need them? Are they correctly split between dependencies and devDependencies? This may sound obvious, but if you are working on a project you did not initialize, or where people were free to add dependencies, you almost certainly do not have full control over what you are using. Then check what is known to be vulnerable: this page contains the list of the latest security advisories, and both yarn and npm have a CLI command that lists the dependencies you use that are not up to date with their security patches: yarn audit or npm audit. Keep in mind that an audit only reports published advisories for the packages in your lockfile; it does not tell you which dependencies you could simply remove, which is why the first check still matters. 🔒 About safety, this very good article shows what can happen if your dependencies are not updated once a security issue has been found and fixed.

I suggest updating them once a month, or at least once every two months. By doing so, you will face fewer breaking changes at a time and keep better control of the changes you introduce. If you want to keep your project secure and fast, and enjoy the latest features of all your dependencies, it is important to keep them regularly up to date.
