Security management in Packagr
TL;DR
Packagr now provides dependency security scanning for your packages
What's changing?
From version 1.4.0, Packagr attempts to identify any known security issues in your package's dependencies. Any such issues are displayed in the Security scan tab of the package view, like so:
How does it work?
The security scanner reads the package's dependencies from its Package Metadata and checks open source resources to see whether there are any known security vulnerabilities for each dependency. Any vulnerabilities found are presented in the view above.
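The two steps described above (pull dependencies out of the package metadata, then look each one up against a vulnerability source), as an added illustration that is not Packagr's own code. It assumes a constructed PKG-INFO excerpt and a small local advisory table standing in for the CVE Details lookup; the advisory identifiers are placeholders.

```python
"""Dependency scan sketch: parse Requires-Dist lines from core package metadata
and match each dependency against an advisory table. Illustration only."""
import re

# Constructed PKG-INFO excerpt (core metadata 2.1 style), not a real package.
PKG_INFO = """\
Metadata-Version: 2.1
Name: example-app
Version: 0.1.0
Requires-Dist: requests (==2.19.1)
Requires-Dist: Django (>=2.0,<2.1)
Requires-Dist: PyYAML (==3.12) ; extra == 'yaml'
"""

# Constructed advisory table: normalized name -> [(advisory id, affected versions)].
# The ids are placeholders, not real CVE numbers.
ADVISORIES = {
    "requests": [("CVE-PLACEHOLDER-1", {"2.19.0", "2.19.1"})],
    "pyyaml": [("CVE-PLACEHOLDER-2", {"3.12", "3.13"})],
}


def normalize(name):
    """PEP 503 style name normalization so 'PyYAML' and 'pyyaml' match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requires_dist(pkg_info):
    """Return (normalized name, pinned version or None) for each Requires-Dist line."""
    deps = []
    for line in pkg_info.splitlines():
        if not line.startswith("Requires-Dist:"):
            continue
        req = line.split(":", 1)[1].split(";")[0].strip()  # drop environment markers
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\(([^)]*)\))?", req)
        name, spec = m.group(1), m.group(2) or ""
        pin = re.search(r"==\s*([0-9][0-9.]*)", spec)  # only exact pins are resolvable here
        deps.append((normalize(name), pin.group(1) if pin else None))
    return deps


def scan(pkg_info, advisories):
    """Flag pinned versions listed as affected; a dependency without an exact pin
    that has any advisory is reported as 'unresolved', since the version actually
    installed cannot be known from the metadata alone."""
    findings = []
    for name, pin in parse_requires_dist(pkg_info):
        for adv_id, affected in advisories.get(name, []):
            if pin is None:
                findings.append((name, adv_id, "unresolved"))
            elif pin in affected:
                findings.append((name, adv_id, pin))
    return findings
```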
How can I find out more about a vulnerability?
Packagr's security vulnerability data comes from CVE Details. Clicking the info icon next to each security vulnerability opens the full details of that vulnerability on the CVE Details website.
Why can't I see any security vulnerabilities for my packages?
You won't see any security vulnerabilities for a package in the following cases:
- Your package has no known security vulnerabilities in its dependencies
- You are using the free tier - only paid accounts can use the security scanner functionality
- Your package was uploaded before the Package Metadata feature was added