If you’re working with dependencies on your GitHub-hosted projects, you’ll be happy to know that the repo platform will now alert you about vulnerabilities in things like React, so you’re aware of security flaws that might harm your site or app.
The company says its new feature will also point you to fixes suggested by the GitHub community, so you can sort out these issues and keep your project running smoothly.
To turn it on, you’ll need to enable your dependency graph (it’s automatically turned on in public repositories), either by opting in through the repo settings or by finding the Insights tab and granting access there.
That’s good news for folks who want to keep their projects in top shape, but can’t yet afford or be bothered with third-party security tools like Gemnasium or Snyk (whose plans start at $50 and $99 a month, respectively).