[v6] Feature: disable use of remote audit by default #242
Comments
@prabhu I had started on a config file for depscan that would include allowing the user to set a setting to periodically update vdb at a user-specified interval. My thought was that we could also store the date/time of the last update and log that info at the beginning of every scan so that the user would be aware. How about I return to this and add to v6... there are other things I want to incorporate into it when I have time, but this part is quite easy.
Thanks @cerrussell. Adding this to the config file is a good idea.
Request Description
For npm, the remote audit is enabled by default to avoid false negatives. Let's make this an opt-in in v6 to prefer offline-only first.
Additional Information
How do we deal with the fact that we might miss legitimate malware since the vdb is rebuilt only every x hours or so, and users might forget to refresh the database periodically?