Cake day: December 9th, 2025

  • Probably a simple way without looking at ANY code is to just look at a few key points on GitHub (or GitLab or other):

    Stars: This is the number of people who have favourited the package. In general, if a package has more stars (500+, 1000+) it is probably good and has had a lot of people looking at it and using it. Beware packages with only a few stars (fewer than 20, but context matters).

    Forks: Also look at the number of forks the repo has. In general, the more forks it has, the more people in the community have contributed to it, fixing bugs, tightening security, etc. Again, the more eyes the package has on it, the higher the chance that key vulnerabilities have been identified and fixed.

    Number of contributors: Same reason as forks.

    When the files in the repo were last updated: Occasionally you’ll find a package that meets the above heuristics very well, but was only last updated 5 to 10 years ago. Avoid these as they aren’t up to date and therefore have vulnerabilities.

    All these points are just rough heuristics and there will be exceptions, but they can generally point even experienced developers in the right direction.
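The heuristics in the comment above can be turned into a small triage script. The following is an added example, not code from the commenter; it reads the numbers from a dict shaped like GitHub's repository API response (the field names `stargazers_count`, `forks_count` and `pushed_at` are the real ones, but the sample values are constructed) and applies the checks. The star thresholds (20, 500) follow the comment; the contributor threshold and the five-year staleness cutoff are assumptions chosen for illustration.

```python
from datetime import datetime, timezone

# Constructed sample shaped like the fields GitHub's REST API returns for a
# repository; the values are made up for illustration.
SAMPLE_REPO = {
    "full_name": "example-org/example-lib",
    "stargazers_count": 1200,
    "forks_count": 85,
    "pushed_at": "2019-03-14T10:22:31Z",
}
# Contributor count is not in the repository object; it would come from a
# separate contributors listing. Constructed value.
SAMPLE_CONTRIBUTOR_COUNT = 4

# Thresholds: star values follow the comment, the rest are assumptions.
LOW_STARS = 20
HEALTHY_STARS = 500
MIN_CONTRIBUTORS = 5       # assumed
STALE_AFTER_YEARS = 5      # assumed, comment says "5 to 10 years"


def parse_github_time(value):
    """Parse the ISO-8601 UTC timestamp format the GitHub API uses."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def years_since_push(repo, now):
    """Return how many years ago the repository was last pushed to."""
    delta = now - parse_github_time(repo["pushed_at"])
    return delta.days / 365.25


def assess_repo(repo, contributor_count, now=None):
    """Apply the popularity and maintenance heuristics to one repository.

    `now` may be a timezone-aware datetime, an ISO-8601 string in GitHub's
    format, or None (current time). Returns the raw numbers, a list of
    human-readable warnings, and `needs_closer_look`, True if any warning
    fired.
    """
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = parse_github_time(now)

    stars = repo["stargazers_count"]
    forks = repo["forks_count"]
    stale_years = years_since_push(repo, now)
    warnings = []

    if stars < LOW_STARS:
        warnings.append(f"only {stars} stars: very few people have looked at this")
    elif stars < HEALTHY_STARS:
        warnings.append(f"{stars} stars: modest audience, weigh other signals")

    if forks == 0:
        warnings.append("no forks: nobody else is building on or patching this code")

    if contributor_count < MIN_CONTRIBUTORS:
        warnings.append(
            f"{contributor_count} contributor(s): review coverage and bus factor are low"
        )

    if stale_years >= STALE_AFTER_YEARS:
        warnings.append(f"last push {stale_years:.1f} years ago: likely unmaintained")

    return {
        "repo": repo["full_name"],
        "stars": stars,
        "forks": forks,
        "contributors": contributor_count,
        "years_since_push": round(stale_years, 1),
        "warnings": warnings,
        "needs_closer_look": bool(warnings),
    }


if __name__ == "__main__":
    report = assess_repo(SAMPLE_REPO, SAMPLE_CONTRIBUTOR_COUNT)
    verdict = "needs closer look" if report["needs_closer_look"] else "looks healthy"
    print(f"{report['repo']}: {verdict}")
    for warning in report["warnings"]:
        print(" -", warning)
```

Run as-is it flags the constructed sample for a small contributor base and a last push more than six years ago despite its healthy star count, which is exactly the "meets the above heuristics very well, but was only last updated years ago" case the comment describes. Treat the output as a prompt for a closer look rather than a verdict: star and fork counts are cheap to inflate, so a package that passes every check here still deserves a read of its release history and dependency list before it goes into a build.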