There are several steps your organization must take to protect itself from potentially exploitable packages. First, you’ll need to carefully review and triage the package vulnerabilities that present risk to your organization, then you’ll need to patch each one. Patching a package may sound easy, but doing so without breaking your product can be tricky. Before patching, you may review the changelog between versions. Opening the changelog, however, could further the patch dread.