by economyballoon 2439 days ago
When I think secure I think

  import { serve } from "https://deno.land/std@v0.19.0/http/server.ts";

It would be better to integrate something into Node.js instead of inflating a new economy balloon!
1 comments

What do you think is happening when you `npm install` or `yarn add` a package?
`npm`/`yarn` have hash checks when using the lockfile (side note: you should be using `npm ci` in your deployments so it doesn't install newer versions). Maybe there could be a lockfile system for webpack that would verify a file like the one they suggest doesn't change between installs and systems.
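A sketch of the lockfile check discussed in the comment above, applied to URL imports; this is an added example, not code from the thread or from npm, yarn, webpack or Deno. The lock format (URL mapped to an SRI-style string, the form npm writes to the `integrity` field of `package-lock.json`), the function names and the module body are assumptions made for illustration.

```javascript
const { createHash } = require("node:crypto");

const ALLOWED = new Set(["sha256", "sha384", "sha512"]);
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Build an SRI-style string: "<algo>-<base64 digest>".
function integrityOf(content, algo = "sha512") {
  if (!ALLOWED.has(algo)) throw new Error(`unsupported algorithm: ${algo}`);
  return `${algo}-${createHash(algo).update(content).digest("base64")}`;
}

// Compare one fetched body against its pinned integrity string.
function matches(pinned, content) {
  const algo = pinned.slice(0, pinned.indexOf("-"));
  if (!ALLOWED.has(algo)) return false; // fail closed on sha1, md5, garbage
  return pinned === integrityOf(content, algo);
}

// lock: { url: integrity } (hypothetical format); fetched: { url: body }.
function verifyLock(lock, fetched) {
  const report = { ok: [], mismatch: [], unpinned: [], missing: [] };
  for (const [url, body] of Object.entries(fetched)) {
    if (!has(lock, url)) report.unpinned.push(url); // new import, never reviewed
    else if (matches(lock[url], body)) report.ok.push(url);
    else report.mismatch.push(url); // content changed since it was pinned
  }
  for (const url of Object.keys(lock)) {
    if (!has(fetched, url)) report.missing.push(url); // stale lock entry
  }
  // A deployment should refuse to run unless every fetched module is pinned
  // and unchanged; stale entries are reported but do not fail the check.
  report.pass = report.mismatch.length === 0 && report.unpinned.length === 0;
  return report;
}

// Constructed sample: the import URL from the post with a made-up body.
const SERVER = "https://deno.land/std@v0.19.0/http/server.ts";
const ORIGINAL = "export function serve(addr) { /* constructed body */ }\n";
const LOCK = { [SERVER]: integrityOf(ORIGINAL) };
```

An unpinned URL fails the check the same way a changed one does, which is the behaviour `npm ci` gives when `package.json` and the lockfile disagree.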
Doesn't deno also have a lockfile?
That's why I don't want to use it personally, it's all in the imports. Making things a pita when you want to just upgrade something.