by chrisbroadfoot
2554 days ago
To be pedantic, it's "wouldn't npm be the wrong tool" (it isn't, necessarily; I believe lockfiles provide you with reproducible builds). Vendoring/copying them is another way to achieve this (and means you don't need to depend on npm or its lockfiles). Regardless, those libraries are your problem whether you vendor/copy them or not. Read more: https://research.swtch.com/deps