1. How often are security issues found that are already fixed compared to security issues that are still in the latest version and require an even newer version to fix?
2. What are the security issues that can be found in a local tool which has as its only input your own code and its output is only printed in tooltips for human review? Even if you had a way for specially formed code to run other code in eslint, it's a bit like saying bash has an RCE because you can type a command into it.