by allover
3078 days ago
> NPM shouldn't scare you.

>> It absolutely should, just like any dependency on any other third party code or servers

There's no need to be scared of any of those things if you understand the trade-offs and risks.

>> Especially when they regularly have incidents like this.

They don't.

>> Simple fact is you should not be relying on ANY package registry at the time of deployment.

> This is true, but doesn't prove the previous claim.

The 'previous claim' follows from it. If you don't treat a package registry like an essential part of your own infrastructure, there's no need to be scared of it.