By Liam Tung | March 22, 2018
GitHub says its security scan for old vulnerabilities in JavaScript and Ruby libraries has turned up over four million bugs and sparked a major clean-up by project owners.
The massive bug-find total was reached within a month of the initiative's launch in November, when GitHub began scanning for known vulnerabilities in certain popular open-source libraries and notifying project owners that they should be using an updated version.
The scan automatically probes public repositories on GitHub for known-vulnerable libraries in RubyGems for Ruby and npm for JavaScript, so it doesn't yet cover all possible vulnerable libraries.
However, GitHub plans to expand its scan to Python dependencies later this year. Private repositories meanwhile need to opt in to the security alerts....
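The check the article describes, matching the libraries a project actually installs against a list of known-vulnerable versions, can be sketched in a few dozen lines. The block below is an added example, not GitHub's scanner or any project's code: it flattens an npm lockfile (both the nested lockfileVersion 1 layout and the path-keyed `packages` layout of versions 2 and 3) and compares each pinned version against a small advisory list. The package names, advisory identifiers and the sample lockfile are all constructed for illustration and do not refer to real packages or real vulnerabilities.

```javascript
// Added example (not GitHub's code): a minimal known-vulnerable-dependency check
// over an npm lockfile. Advisory entries and the lockfile are constructed.

// Constructed advisory list. Each entry names the package, the first affected
// version (inclusive) and the version that fixes it (exclusive upper bound).
const ADVISORIES = [
  { id: "EXAMPLE-ADV-001", pkg: "example-template", introduced: "0.0.0", fixedIn: "2.1.4" },
  { id: "EXAMPLE-ADV-002", pkg: "example-yaml",     introduced: "3.0.0", fixedIn: "3.2.0" },
  { id: "EXAMPLE-ADV-003", pkg: "example-archive",  introduced: "0.0.0", fixedIn: "1.9.0" },
];

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into three integers. Pre-release
// and build tags are dropped, so "2.0.0-rc1" compares equal to "2.0.0"; a
// production checker would implement full semver precedence instead.
function parseVersion(v) {
  const core = String(v).split("-")[0].split("+")[0];
  const parts = core.split(".").map((p) => parseInt(p, 10));
  if (parts.length !== 3 || parts.some(Number.isNaN)) {
    throw new Error(`unparseable version: ${v}`);
  }
  return parts;
}

// Returns -1, 0 or 1 like a comparator.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// True when introduced <= version < fixedIn.
function isAffected(version, adv) {
  return compareVersions(version, adv.introduced) >= 0 &&
         compareVersions(version, adv.fixedIn) < 0;
}

// Flatten a parsed lockfile into {name, version} pairs, transitive deps included.
function installedPackages(lock) {
  const found = [];
  if (lock.packages) {
    // lockfileVersion 2/3: keys are install paths such as
    // "node_modules/foo" or "node_modules/foo/node_modules/bar".
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // the root project entry
      const marker = "node_modules/";
      const name = path.slice(path.lastIndexOf(marker) + marker.length);
      if (meta.version) found.push({ name, version: meta.version });
    }
    return found;
  }
  // lockfileVersion 1: transitive deps nest under their parent's "dependencies".
  const walk = (deps) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (meta.version) found.push({ name, version: meta.version });
      walk(meta.dependencies);
    }
  };
  walk(lock.dependencies);
  return found;
}

// Match every installed package against every advisory; return the hits.
function auditLockfile(lockfileJson, advisories = ADVISORIES) {
  const lock = JSON.parse(lockfileJson);
  const findings = [];
  for (const { name, version } of installedPackages(lock)) {
    for (const adv of advisories) {
      if (adv.pkg === name && isAffected(version, adv)) {
        findings.push({ id: adv.id, pkg: name, version, fixedIn: adv.fixedIn });
      }
    }
  }
  return findings;
}

// Constructed lockfile (lockfileVersion 1 shape): one vulnerable direct
// dependency, one vulnerable transitive dependency, one already-fixed version.
const SAMPLE_LOCKFILE = JSON.stringify({
  name: "sample-app",
  lockfileVersion: 1,
  dependencies: {
    "example-template": { version: "2.0.9" },
    "example-yaml": { version: "3.2.0" },
    "example-http": {
      version: "5.1.0",
      dependencies: { "example-archive": { version: "1.7.2" } },
    },
  },
});

for (const f of auditLockfile(SAMPLE_LOCKFILE)) {
  console.log(`${f.id}: ${f.pkg}@${f.version} is affected, upgrade to >= ${f.fixedIn}`);
}
```

Two details matter for a check like this. It must read the lockfile rather than `package.json`, because a range such as `^2.0.0` says nothing about which version is installed, and it must descend into transitive dependencies, since a vulnerable library is often pulled in several levels below anything the project lists directly.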
GitHub dependency scan found four million security flaws
GitHub: Our dependency scan has found four million security flaws in public repos