Skypack looks interesting. However, as I come from a Nix background, I'd like to a) pin my dependencies and b) do a hash check at install/download time to ensure the pinned package hasn't been modified behind the scenes.
Based on https://docs.skypack.dev/skypack-cdn/api-reference/pinned-ur..., it appears that you can do a. with Skypack, but this requires a manual step: look up the package in the CDN with curl or your browser and copy-paste the URL into your JS import statement. Is there any tooling to automate this?
Also, there appears to be no way to fail the build if the contents of the pinned URL change. Are Skypack users relying on Skypack to ensure that can't happen?
Based on https://docs.skypack.dev/skypack-cdn/api-reference/pinned-ur..., it appears that you can do a. with Skypack, but this requires a manual step: look up the package in the CDN with curl or your browser and copy-paste the URL into your JS import statement. Is there any tooling to automate this?
Also, there appears to be no way to fail the build if the contents of the pinned URL change. Are Skypack users relying on Skypack to ensure that can't happen?