by SahAssar 2392 days ago
The part you leave out of that explanation is that for those files and folders there are 179 authors to trust for all future changes (including adding more authors via granting access to their repo or adding more deps).

Sure, you can do locking, but that does not go deep well, and also turns into a hell of trying to determine if every (for your use-case) pointless release of a sub-dep is worth updating to.

This. Am I really expected to review every change that 179 authors make to 242 packages?

And if I don't, am I responsible for the malicious code insertion, or is NPM going to take responsibility for that?

You are responsible for malicious code insertion either way.

If you delegate trust in any way, you are responsible for how that trust was (mis)used.