by capableweb 2369 days ago
Instead of throwing your hands in the air and saying "Well, too many dependencies, can't review it", you can pull in fewer dependencies so you can manage to review it. Especially from sources where basically anyone can publish anything.
1 comment

Don't use npm?
Not sure if this is a statement or a question. Assuming it's a question: my team and I use npm, but we're careful about what we pull in. If the dependency has too many dependencies itself, we either find an alternative, fork it to remove a bunch of stuff we don't care about, or write something ourselves.