by dmitriid 1762 days ago
> It's also pretty easy to vendor in your dependencies

It's not the first time I've seen this claim in this discussion. Describe "easy".

In the case of the much-hated npm, or yarn, it's as easy as:

   npm/yarn install package
This will pull both the package and all its dependencies. It will create a lock file and will essentially lock the version. There are additional ways to specify the exact versions, and version ranges for packages and dependencies.

Additionally, it's quite trivial to make npm/yarn pull not from npm, but from, say, a private package registry that only has vetted and audited packages.

So. Given that "it's easy to vendor in your dependencies", how will all this look in Deno?

We already know that even such a simple thing as lockfiles is multiple manual steps with awkward parameters to the CLI that people shouldn't forget [1]. This is... not easy.

[1] https://deno.land/manual/linking_to_external_code/integrity_...
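The comment's argument rests on two npm/yarn properties: the lockfile pins exact versions (with integrity hashes and resolved URLs), and the client can be pointed at a private, vetted registry. The following is an added example, not part of the comment or of npm/yarn, showing how a defender can verify both properties from the files themselves: it flags version ranges in `package.json`, and in a lockfileVersion 3 `package-lock.json` it flags packages resolved outside an allowed registry, missing integrity fields, or integrity hashes weaker than sha512. The registry URL, package names and hash strings are constructed placeholders, not real artifacts.

```javascript
// Added example: audit an npm lockfile and package.json for the properties the
// comment relies on (pinned versions, integrity hashes, a single trusted registry).
// No external modules are needed; the sample data below is constructed.

// Constructed placeholder for a private, vetted registry (assumption, not a real host).
const ALLOWED_REGISTRY = "https://registry.internal.example/";

// Constructed package.json: "lodash" uses a caret range and should be flagged.
const samplePackageJson = {
  name: "app",
  dependencies: { "left-pad": "1.3.0", "lodash": "^4.17.21" },
};

// Constructed package-lock.json in the lockfileVersion 3 layout ("packages" map).
// Hash values are placeholders, not real digests.
const sampleLock = {
  name: "app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "left-pad": "1.3.0", "lodash": "^4.17.21" } },
    "node_modules/left-pad": {
      version: "1.3.0",
      resolved: "https://registry.internal.example/left-pad/-/left-pad-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTEDPLACEHOLDERHASH==",
    },
    "node_modules/lodash": {
      version: "4.17.21",
      resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", // outside allowed registry
      integrity: "sha1-CONSTRUCTEDPLACEHOLDERHASH=",                      // weak algorithm
    },
    "node_modules/foo": {
      version: "1.0.0",
      resolved: "https://registry.internal.example/foo/-/foo-1.0.0.tgz",
      // integrity field deliberately absent
    },
  },
};

// Exact semver: MAJOR.MINOR.PATCH with an optional pre-release tag; no ^, ~, x, *, ranges.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Return the names of dependencies in package.json that are not pinned to an exact version.
function findUnpinned(pkg) {
  const specs = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  return Object.keys(specs).filter((name) => !EXACT_VERSION.test(specs[name]));
}

// Return a list of { pkg, issue } findings for a lockfileVersion 3 package-lock.json.
function auditLock(lock, allowedRegistry) {
  const findings = [];
  if (lock.lockfileVersion !== 3) {
    findings.push({ pkg: "<lockfile>", issue: `unexpected lockfileVersion ${lock.lockfileVersion}` });
  }
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // root project and workspace symlinks carry no tarball
    const name = path.replace(/^.*node_modules\//, "");
    if (typeof entry.resolved !== "string") {
      findings.push({ pkg: name, issue: "no resolved URL" });
    } else if (!entry.resolved.startsWith(allowedRegistry)) {
      findings.push({ pkg: name, issue: `resolved outside allowed registry: ${entry.resolved}` });
    }
    if (typeof entry.integrity !== "string") {
      findings.push({ pkg: name, issue: "missing integrity hash" });
    } else if (!entry.integrity.startsWith("sha512-")) {
      findings.push({ pkg: name, issue: `weak integrity algorithm: ${entry.integrity.split("-")[0]}` });
    }
  }
  return findings;
}

// Stand-alone run: print the findings for the constructed samples.
console.log("unpinned in package.json:", findUnpinned(samplePackageJson));
for (const f of auditLock(sampleLock, ALLOWED_REGISTRY)) {
  console.log(`${f.pkg}: ${f.issue}`);
}
```

On a real project the two sample objects would be replaced by `JSON.parse` of the project's `package.json` and `package-lock.json`, and the check can run in CI so that a lockfile entry pointing at an unexpected registry, or lacking a sha512 integrity field, fails the build before `npm ci` installs it.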