|
|
|
|
|
|
by ocdtrekkie
2292 days ago
|
|
|
I think this is the big reason I'm excited about NPM joining GitHub. I don't trust NPM (I'm not fond of package repos in general), but tying packages closely to their GitHub source offers significantly more verification potential that a package is in fact comprised of the source code for it, and that it hasn't recently turned hostile. |
|
|