Little late to the party here, and I’m not primarily a js dev, but… yes. It looks like it’s one of those syntactic sugar kind of packages that devs love to use. The bonus here is you can probably use a find-grep kind of process to check package-lock.json for references to the package. (there might be an npm command, but like I say - not a js dev.)
So, is that just a ‘developer’ component, or have I got to analyse all my systems now for the NPM components in the article’s list?
Little late to the party here, and I’m not primarily a js dev, but… yes. It looks like it’s one of those syntactic sugar kind of packages that devs love to use. The bonus here is you can probably use a find-grep kind of process to check
package-lock.jsonfor references to the package. (there might be an npm command, but like I say - not a js dev.)For example:
$ grep \"is\"\: package-lock.json "is": "^3.3.0",