Hacker News
by badminton1 3737 days ago
Shrinkwrap might work for a bit, but if you regenerate the file you will run into the same issue.

A way to protect you 100% against the problem is to define your dependency as a link to a specific commit or tarball.


Or a specific version since they can't be written to twice in the npm repo.
According to https://news.ycombinator.com/item?id=11341142, in at least one case, now, this is not true.
Except the exact same code was republished, so the point still stands.
This time
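As an added example (not from the thread or from npm itself) of the distinction the commenters draw, this script classifies each dependency specifier in a package.json by how firmly it pins code: only a git reference to a full commit hash is content-addressed, an exact registry version relies on the registry refusing re-publication, a tarball URL relies on its host, and ranges float. Package names, URLs and the manifest are constructed placeholders.

```javascript
// Added example (not from the thread): audit a package.json dependency map
// and report which specifiers can still resolve to different code later.
// The manifest below is constructed; package names and hosts are placeholders.

const COMMIT_RE = /#[0-9a-f]{40}$/i; // git spec ending in a full SHA-1 commit id
const GIT_RE = /^(git\+|git:|github:|gitlab:|bitbucket:)|\.git(#|$)|^[\w.-]+\/[\w.-]+(#|$)/;
const EXACT_RE = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Classify one dependency specifier by how firmly it pins the code:
//   "commit"   git URL or shorthand pinned to a full commit hash (content-addressed)
//   "exact"    exact registry version; immutable only while the registry refuses
//              to let that version be published twice (the caveat raised above)
//   "tarball"  fixed URL; only as stable as the host serving the file
//   "floating" ranges (^, ~, >=, x, *), dist-tags, branch names, empty string
function classifySpec(spec) {
  const s = String(spec).trim();
  if (GIT_RE.test(s)) return COMMIT_RE.test(s) ? "commit" : "floating";
  if (/^https?:\/\/\S+\.(tgz|tar\.gz)$/.test(s)) return "tarball";
  if (EXACT_RE.test(s)) return "exact";
  return "floating";
}

// Walk dependencies and devDependencies; return a finding for anything weaker
// than a commit pin so a CI job can warn on (or fail for) those entries.
function auditManifest(pkg) {
  const findings = [];
  for (const field of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const kind = classifySpec(spec);
      if (kind !== "commit") findings.push({ field, name, spec, kind });
    }
  }
  return findings;
}

// Constructed manifest covering all four cases (hosts use .invalid TLD on purpose).
const SAMPLE_MANIFEST = {
  dependencies: {
    "pad-range": "^1.0.0",
    "pad-exact": "1.0.0",
    "pad-git": "git+https://git.example.invalid/org/pad-git.git#" + "a1b2c3d4".repeat(5),
    "pad-tar": "https://files.example.invalid/pad-tar-1.0.0.tgz",
  },
  devDependencies: { "pad-branch": "example-org/pad-branch#main" },
};

if (typeof require !== "undefined" && require.main === module) {
  for (const f of auditManifest(SAMPLE_MANIFEST)) {
    console.log(`${f.field}/${f.name}: "${f.spec}" -> ${f.kind}`);
  }
}
```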