A good rule suggestion:
-
I would like to have insights in the external libraries used and to know if there might be a risk in using these libraries because they are impacted by a CVE
-
snippet of Noncompliant Code: NPM example package: open
-
snippet of Compliant Code (fixing the above noncompliant code): NPM example package: opn
-
external references and/or language specifications: https://www.cvedetails.com/
https://www.npmjs.com/advisories
https://docs.myget.org/docs/how-to/checking-nuget-package-vulnerabilities-with-owasp-safenuget
-
type: Vulnerability
-
tags: package sources / nuget / npm
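As an added illustration of what such a rule would have to do (this is example code, not part of the original post or of any SonarSource rule), the script below takes resolved dependency versions as a lockfile records them and flags those that fall inside a known-vulnerable range. The advisory identifiers and version ranges are constructed placeholders; a real implementation would load them from the npm advisory database or a CVE feed like the ones linked above.

```javascript
'use strict';

// Compare two dotted version strings numerically: returns -1, 0 or 1.
function cmpVersion(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// A version is affected when introduced <= version < fixed.
// fixed is null when no patched release exists yet (everything from
// "introduced" onwards is affected).
function isAffected(version, range) {
  if (cmpVersion(version, range.introduced) < 0) return false;
  return range.fixed === null || cmpVersion(version, range.fixed) < 0;
}

// Constructed advisory list: placeholder ids and made-up ranges, not real
// advisory data for these packages.
const ADVISORIES = [
  { id: 'ADVISORY-PLACEHOLDER-1', name: 'open', introduced: '0.0.0', fixed: '0.1.0' },
  { id: 'ADVISORY-PLACEHOLDER-2', name: 'example-lib', introduced: '2.0.0', fixed: null },
];

// deps: { name: resolvedVersion }, the shape a lockfile resolves to.
// Returns one finding per (dependency, matching advisory) pair.
function findVulnerableDeps(deps, advisories = ADVISORIES) {
  const findings = [];
  for (const [name, version] of Object.entries(deps)) {
    for (const adv of advisories) {
      if (adv.name === name && isAffected(version, adv)) {
        findings.push({ name, version, advisory: adv.id });
      }
    }
  }
  return findings;
}

// Constructed lockfile-like input: an old "open" release, the "opn"
// replacement from the post, and a library with no fixed release.
const SAMPLE_DEPS = { open: '0.0.5', opn: '5.4.0', 'example-lib': '2.3.1' };
console.log(findVulnerableDeps(SAMPLE_DEPS));
```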