skwee357 7 hours ago

I’m not a node/js apologist, but every time there is a vulnerability in an NPM package, this opinion is voiced.

But in reality it has nothing to do with node/js. It’s just because it’s the most used ecosystem. So I really don’t understand the argument of not using node. Just be mindful of your dependencies and avoid updating every day.

shortrounddev2 7 hours ago | parent [-]

it's interesting that staying up to date with your dependencies is considered a vulnerability in Node

bichiliad 6 hours ago | parent | next [-]

Having a cooldown is different from never updating. I don’t think waiting a few days is a bad security practice in any environment, node or otherwise.

vrighter 4 hours ago | parent [-]

But only if most of everyone else doesn't do so.

skwee357 6 hours ago | parent | prev [-]

People who live on the edge of updates always risk vulnerabilities and incompatibility issues. It’s not about node, but anything software related.