Twitter status 1149957223076061184 from 13. July 2019

@c089 @dan_abramov And the package manager has no way of telling how the code is actually used.

There I think we can have the developer "mute" specific vulnerabilities, like you can do for linting.

If you look at the current warnings, a rough separation between dev and non-dev will reduce noise.