Alan left a comment
After dealing with those npm postinstall attacks lately, seeing an agent that actually validates findings is a massive relief. Most tools just spam false positives until you kill the notifications. Does this catch transitive dependency stuff too, or just first-party code?

Codex Security
Our application security agent
