sobregosodd
Hello @davekerber, thanks for reaching out. Your request makes total sense. IMO your proposal should be the default behaviour and optionally we can provide an environment variable to enable...
This PR is solved by https://github.com/DataDog/guarddog/pull/492
I'm not so sure about this one. I don't see how this could determine if a package is malicious or risky based on this.
Let's look at the data first. I've seen several legit packages with date-like versioning, and other non-semver approaches. If we consider it makes sense, we should replace `release_zero`.
Hello @rafalry, thanks for reaching out. Yes, we have observed this. It seems that semgrep is not working as expected; this seems to be related to a combination of current system load...