Our great sponsors
-
I've recently started using Yarn 3, and its audit feature seems better designed: it only evaluates direct dependencies by default (which should prevent all of the issues in the article, although it may also risk missing legitimate problems - this may be a reasonable compromise), it optionally excludes devDependencies (one of the big complaints of the article), and it supports using Yarn's resolutions to force an upgrade of a vulnerable indirect dependency. A future version of Yarn will also add an option to suppress specific vulnerability reports, for cases where you've been able to identify that you're not affected by an issue.
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.