Article 5529P When one open-source package riddled with vulns pulls in dozens of others, what's a dev to do?

from The Register on (#5529P)
Snyk survey puts cross-site scripting top of the list for security holes - but watch out for prototype pollution too

Open-source security specialist Snyk has released a new survey combining data on vulnerabilities in available packages with responses from developers and DevOps teams about how they handle the challenge this poses....

External Content
Source RSS or Atom Feed
Feed Location http://www.theregister.co.uk/headlines.atom
Feed Title The Register
Feed Link https://www.theregister.com/
Feed Copyright Copyright © 2024, Situation Publishing