by Silhouette 3744 days ago
Instead, add it to your package.json yourself with the exact specific version you want

Unfortunately, the same problem then arises for your dependencies. If any of them don't specify exact versions, you are still vulnerable to getting uncontrolled changes.

This is why things like npm shrinkwrap exist, but it's still crazy that NPM's default behaviour is the uncontrolled case.

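As an added example (not from the thread), the check below audits package.json-style manifests for range specifiers and walks a constructed dependency tree, so it shows the case the comment describes: the app pins everything, yet a dependency's own manifest still floats. All package names and manifests are made up for the demonstration.

```javascript
// Added example: detect non-exact npm version specifiers, including the ones
// declared by transitive dependencies. Package names and manifests are constructed.

// Matches a pinned semver such as "1.2.3" or "1.2.3-beta.1+build.5", nothing else.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function isExactVersion(spec) {
  return EXACT_VERSION.test(String(spec).trim());
}

// Every dependency in one manifest whose specifier is a range
// ("^1.2.3", "~1.2.3", "1.x", "*", ">=1.0.0") rather than an exact version.
function findFloatingDeps(manifest, fields = ['dependencies', 'devDependencies']) {
  const floating = [];
  for (const field of fields) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (!isExactVersion(spec)) floating.push(`${field}.${name}: ${spec}`);
    }
  }
  return floating;
}

// Follow runtime dependencies through a map of name -> manifest, reporting
// each package that declares a range. Pinning only the root is not enough:
// any floating specifier deeper in the tree still lets uncontrolled changes in.
function auditTree(rootName, manifestsByName) {
  const seen = new Set();
  const report = {};
  const visit = (name) => {
    if (seen.has(name)) return;
    seen.add(name);
    const manifest = manifestsByName[name];
    if (!manifest) return;
    const floating = findFloatingDeps(manifest, ['dependencies']);
    if (floating.length) report[name] = floating;
    Object.keys(manifest.dependencies || {}).forEach(visit);
  };
  visit(rootName);
  return report;
}

// Constructed sample: the app pins exact versions, but one dependency does not.
const SAMPLE_MANIFESTS = {
  'my-app': { dependencies: { 'left-pad-ish': '1.1.3', 'http-client-ish': '2.0.0' } },
  'left-pad-ish': { dependencies: {} },
  'http-client-ish': { dependencies: { 'url-parser-ish': '^0.4.1', 'debug-ish': '*' } },
  'url-parser-ish': { dependencies: {} },
  'debug-ish': { dependencies: {} },
};

console.log(auditTree('my-app', SAMPLE_MANIFESTS));
```

A lockfile or shrinkwrap removes this exposure by recording the resolved version of every node in the tree, which is what a check like this would then verify against.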

Yes, libraries should specify exact versions as well; it's insane that they don't.