False Positives Everywhere
As a web developer, I've learned to ignore vulnerability scan results and that's a big problem.
Most of the results aren't relevant. Sometimes I find it easy to figure out what's safe to ignore from the findings.
Other times
I find myself scouring documentation, source code, and blog posts only to discover the "RCE" npm audit
told me I had
doesn't matter.