We've completed a full dependency security audit as part of our quarterly review.
Results
| Action | Count |
|---|---|
| Packages updated | 23 |
| Packages removed | 5 |
| Vulnerabilities patched | 8 |
| New dev dependencies | 2 |
Key changes
- Upgraded `next` from 15.x to 16.0 (includes security patches)
- Removed `lodash` — replaced usage with native ES2024 methods
- Pinned all dependencies to exact versions (no `^` or `~`)
- Added `npm audit` to our CI pipeline — builds fail on high/critical vulnerabilities
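
An added example, not our actual CI code, of the two gates listed above: rejecting any dependency spec that is not an exact version, and failing on high/critical findings. The function names and sample inputs are constructed for illustration; the report shape assumed is the `metadata.vulnerabilities` severity counts that `npm audit --json` emits on npm 7 and later.

```javascript
// Constructed sample inputs (not from the audited project).
const samplePackageJson = {
  dependencies: { next: "16.0.0", react: "^19.0.0" },
  devDependencies: { eslint: "~9.0.0", typescript: "5.6.2" },
};
// Assumed shape of `npm audit --json` (npm 7+): counts under metadata.vulnerabilities.
const sampleAuditReport = {
  auditReportVersion: 2,
  metadata: { vulnerabilities: { info: 0, low: 2, moderate: 1, high: 1, critical: 0, total: 4 } },
};

const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const SEVERITIES = ["info", "low", "moderate", "high", "critical"];

// Return every dependency whose spec is not a single exact version
// (ranges such as ^1.2.3, ~1.2.3, >=1, 1.x, *, dist-tags, git/file URLs).
function findUnpinned(pkg) {
  const out = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (typeof spec !== "string" || !EXACT.test(spec.trim())) out.push({ section, name, spec });
    }
  }
  return out;
}

// Count findings at or above `level`; a missing or malformed report throws
// so that a broken audit step cannot pass silently.
function countBlocking(report, level = "high") {
  const counts = report && report.metadata && report.metadata.vulnerabilities;
  const start = SEVERITIES.indexOf(level);
  if (!counts || start < 0) throw new Error("unusable audit report or level");
  return SEVERITIES.slice(start).reduce((n, s) => n + (Number(counts[s]) || 0), 0);
}

// Combine both checks; a CI wrapper would exit non-zero when ok is false.
function dependencyGate(pkg, report, level = "high") {
  const unpinned = findUnpinned(pkg);
  const blocking = countBlocking(report, level);
  return { ok: unpinned.length === 0 && blocking === 0, unpinned, blocking };
}

console.log(JSON.stringify(dependencyGate(samplePackageJson, sampleAuditReport), null, 2));
```

Exact versions in `package.json` cover direct dependencies only; transitive versions are fixed by the lockfile, so CI should install with `npm ci`.
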
Automated scanning
We now run:
- `npm audit` on every pull request
- Dependabot for automated security PRs
- Socket.dev for supply chain attack detection
We run these audits quarterly. The next one is scheduled for October 2025.