Dependency audit before each release?

Are Bitwarden dependencies audited by independent organization after they’ve been added/updated and before release? I know that Bitwarden had some trouble with dependencies in browser extension in the past. Not only vulnerabilities, but deliberate supply chain attacks are a real danger, and as node-ipc showed, people are perfectly willing to sacrifice their reputation if it means that attack will be successful.

Hi @iMouse, Bitwarden regularly completes a broad set of security and compliance information listed here, including a SOC 3 report, and a partnership with security researchers through the HackerOne program.