@daviddias
Created January 20, 2015 18:58
diasdavid 2 hours ago
Yo @alanshaw !
around?
you did something well (again :grinning:) that we are missing in our nsp tool
https://david-dm.org/nodesecurity/nodesecurity-blog you identify vulnerabilities on our blog app very well
but the nsp tool is skipping that
alanshaw 2 hours ago
ha!
diasdavid 2 hours ago
I’m thinking it is related to the ‘ranges search’ you talked about and made possible, which means we are not doing well enough. Would you like to share some of that wisdom? :smile:
alanshaw 2 hours ago
david-dm is all over it
it’s no magic
david gets version numbers for a package from npm
filters them by the range you have in your package.json
alanshaw 2 hours ago
and then if any of those semver.satisfies the vulnerable versions range then you’re vulnerable
diasdavid 2 hours ago
I see, I’m realizing that this might be a nodesecurity API issue, because shrinkwraps fail as well
need to update that on the www
once again, awesome work on david :smile:
alanshaw 2 hours ago
hey no problem
david’s unite!
diasdavid 2 hours ago
ahah :grinning: