by michaelmior 3744 days ago
True, but it's common to have requirements of the form "^1.0.0" (especially since this is the default of npm i --save). It's easy to publish a new version that would be installed by a project declaring a dependency in this form.

Yes, but it's trivial to pin your dependencies exactly. That's not a reason to avoid small modules.
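
The behaviour the two comments describe, as an added example that is not part of either post and is not npm's own resolver: a minimal caret-range matcher showing that a `^1.0.0` requirement picks up a newly published 1.0.1 while an exact `1.0.0` pin does not. The package names and version lists are constructed, and prerelease tags and other range operators are out of scope.

```javascript
// Added example: minimal caret-range resolver (not npm's implementation).
// Assumes plain "X.Y.Z" versions and specs of the form "^X.Y.Z" or "X.Y.Z".
const parse = (v) => v.split(".").map(Number);

// Numeric comparison of two versions: negative, zero or positive.
function cmp(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Exclusive upper bound of a caret range: bump the left-most non-zero part.
function caretCeiling(base) {
  const [maj, min, pat] = parse(base);
  if (maj > 0) return `${maj + 1}.0.0`;
  if (min > 0) return `0.${min + 1}.0`;
  return `0.0.${pat + 1}`;
}

function satisfies(version, spec) {
  if (!spec.startsWith("^")) return cmp(version, spec) === 0; // exact pin
  const base = spec.slice(1);
  return cmp(version, base) >= 0 && cmp(version, caretCeiling(base)) < 0;
}

// Highest published version that satisfies the spec, or null if none does.
function resolve(published, spec) {
  const ok = published.filter((v) => satisfies(v, spec)).sort(cmp);
  return ok.length ? ok[ok.length - 1] : null;
}

// Names in a dependencies map whose spec is not an exact version.
function floating(deps) {
  return Object.keys(deps).filter((n) => !/^\d+\.\d+\.\d+$/.test(deps[n]));
}

// Constructed sample data: the registry before and after new releases.
const before = ["1.0.0"];
const after = ["1.0.0", "1.0.1", "2.0.0"];
console.log("^1.0.0:", resolve(before, "^1.0.0"), "->", resolve(after, "^1.0.0"));
console.log(" 1.0.0:", resolve(before, "1.0.0"), "->", resolve(after, "1.0.0"));
console.log("floating:", floating({ "small-module": "^1.0.0", "pinned-module": "1.0.0" }));
```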