You may have heard about recent npm supply-chain incidents in the news (for example: this recent report). The good news is: combit is not affected.
We also want to assure you that we are taking extra care to prevent anything like that from affecting you:
- We enforce strict controls around which package versions we accept into our software.
- All dependency updates go through our security review process - and only trusted, vetted people are involved.
- We monitor for and act fast on critical security vulnerabilities.
- We keep our dependencies minimal to reduce risk.
Your safety and trust matter to us. We are committed to maintaining a high standard of security and vigilance - always.
Thanks for being with us!