[v6] Feature: disable use of remote audit by default #242
Labels
enhancement
New feature or request
Comments
|
@prabhu I had started on a config file for depscan that would include allowing the user to set a setting to periodically update vdb at a user-specified interval. My thought was that we could also store the date/time of the last update and log that info at the beginning of every scan so that the user would be aware. How about I return to this and add to v6... there are other things I want to incorporate into it when I have time, but this part is quite easy. |
|
Thanks @cerrussell. Adding this to the config file is a good idea. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Request Description
For npm, the remote audit is enabled by default to avoid false negatives. Let's make this in an opt-in in v6 to prefer offline-only first.
Additional Information
How do we deal with the fact that we might miss legitimate malware since the vdb is rebuilt only every x hours or so, and users might forget to refresh the database periodically?
The text was updated successfully, but these errors were encountered: