Hacker News
by gpmcadam 2310 days ago
If you're concerned about injection into a third-party package, you should be using `package-lock.json` (or equiv) and integrity hashing your dependencies at install time.
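An added example, not part of the comment above: a Node.js sketch of what an install-time integrity check does with the `integrity` field of a `package-lock.json`, plus a small audit for lockfile entries that lack a strong hash. The package names, tarball bytes and `registry.example` URLs are constructed for illustration.

```javascript
const crypto = require("crypto");

const STRONG = new Set(["sha256", "sha384", "sha512"]);

// Build an SRI string "<algo>-<base64 digest>", the format of a lockfile "integrity" field.
function sri(bytes, algo = "sha512") {
  return `${algo}-${crypto.createHash(algo).update(bytes).digest("base64")}`;
}

// True only if the bytes match one strong-hash entry of the integrity value.
function matchesIntegrity(bytes, integrity) {
  return integrity.trim().split(/\s+/).some((entry) => {
    const dash = entry.indexOf("-");
    const algo = entry.slice(0, dash);
    if (!STRONG.has(algo)) return false; // a sha1-only match is not accepted
    const actual = crypto.createHash(algo).update(bytes).digest();
    return actual.equals(Buffer.from(entry.slice(dash + 1), "base64"));
  });
}

// Audit a parsed package-lock.json (lockfileVersion 2/3 "packages" map).
function auditLock(lock) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === "" || pkg.link) continue; // root project or workspace link
    const algos = (pkg.integrity || "").split(/\s+/).map((e) => e.split("-")[0]);
    if (!pkg.integrity) findings.push(`${path}: no integrity hash`);
    else if (!algos.some((a) => STRONG.has(a))) findings.push(`${path}: only weak hash (${algos[0]})`);
    if (pkg.resolved && !pkg.resolved.startsWith("https://")) findings.push(`${path}: not resolved over HTTPS`);
  }
  return findings;
}

// Constructed sample data: the tarball bytes, package names and registry.example URLs are made up.
const tarball = Buffer.from("constructed stand-in for a package tarball");
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/pinned": { version: "1.0.0", resolved: "https://registry.example/pinned-1.0.0.tgz", integrity: sri(tarball) },
    "node_modules/legacy": { version: "0.1.0", resolved: "http://registry.example/legacy-0.1.0.tgz", integrity: sri(tarball, "sha1") },
    "node_modules/unhashed": { version: "2.0.0", resolved: "https://registry.example/unhashed-2.0.0.tgz" },
  },
};

console.log(matchesIntegrity(tarball, sampleLock.packages["node_modules/pinned"].integrity));
console.log(auditLock(sampleLock));
```
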