If you’re working with dependencies on your GitHub-hosted projects, you’ll be happy to know that the repo platform will now alert you about vulnerabilities in things like React, so you’re aware of security flaws that might harm your site or app.
Do you want to be a cryptocurrency millionaire?
Don't get your hopes up.
To turn it on, you’ll need to enable your dependency graph (it’s automatically turned on in public repositories) by opting in in the repo settings, or finding the Insights tab and granting access there.
That’s good news for folks who want to keep their projects in top shape, but can’t yet afford or bother with third-party security tools like Gemnasium or Snyk (whose plans start $50 and $99 a month, respectively).