It seems like a crucial step for tools like ChatGPT to ensure that the libraries it recommends or references are checked against known critical vulnerabilities. Any libraries flagged with such issues should either be avoided entirely or, at the very least, disclosed to the user.
This process is important enough that it could be integrated as a core feature rather than something triggered by a specific prompt. Doing so would help users make safer decisions and reduce the risk of cyberattacks and improve cybersecurity efforts.
For example the “pillow “ library for Python keeps showing up but has a critical vulnerabilities and there are plenty of alternatives available.
Thoughts?
Thanks Everyone!
