|
|
|
|
|
|
by corytheboyd
2026 days ago
|
|
|
I didn’t realize it installed packages automatically until I tried running my application in another environment where it crashed due to a missing package. When I found out why I was a bit upset :P This is terrible, if you forget to add the package to your manifest, what, is the expected behavior that you just run the latest version always? Why would you want that in a production environment ever? Especially when the package manager is RIGHT THERE and already solves the problem in a well understood way. Huge step backwards IMO |
|
|
FWIW the surface area for security issues here is far smaller than npx or similar tools, because WMR only writes JS/CSS/TS files to disk, and doesn't execute package scripts (where most vulnerabilities reside).