by cnorthwood
1683 days ago
Fortunately this is the default in the JavaScript world, with both Yarn and NPM supporting lockfiles which have hashes and pinned versions. The problem is the sheer volume of dependencies and transient dependencies, which makes it hard to reliably audit those, as updating one thing can cause a lot of work.
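
Added example, not part of the original comment: a small Node.js check over an npm `package-lock.json` (lockfileVersion 2 or 3) that counts direct versus indirect entries and lists pinned packages with no integrity hash or only a SHA-1 one. The lockfile contents, package names and hash strings are constructed placeholders, and `auditLockfile` is a hypothetical helper name.

```javascript
// Constructed sample lockfile: names, URLs and hashes are placeholders.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0", dependencies: { "lib-a": "^1.2.0" } },
    "node_modules/lib-a": {
      version: "1.2.3",
      resolved: "https://registry.npmjs.org/lib-a/-/lib-a-1.2.3.tgz",
      integrity: "sha512-PLACEHOLDERA==",
      dependencies: { "lib-b": "^2.0.0", "lib-c": "*" },
    },
    "node_modules/lib-b": {
      version: "2.0.1",
      resolved: "https://registry.npmjs.org/lib-b/-/lib-b-2.0.1.tgz",
      integrity: "sha1-PLACEHOLDERB=",
    },
    // Git dependencies are pinned to a commit but carry no integrity field.
    "node_modules/lib-c": {
      version: "0.1.0",
      resolved: "git+ssh://git@example.com/org/lib-c.git#abc123",
    },
  },
};

// Hypothetical helper: summarise how much of the tree is indirect and which
// entries lack a strong (SHA-256 or better) integrity hash.
function auditLockfile(lock) {
  const root = lock.packages[""] || {};
  const direct = new Set(Object.keys({
    ...root.dependencies, ...root.devDependencies, ...root.optionalDependencies,
  }));
  const report = { direct: 0, transitive: 0, missingIntegrity: [], weakHash: [] };
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "" || entry.link) continue; // skip root and workspace symlinks
    const marker = "node_modules/";
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    // Assumption: a direct dependency sits at the top-level node_modules path.
    const topLevel = path === marker + name;
    if (topLevel && direct.has(name)) report.direct++; else report.transitive++;
    // integrity is an SRI string and may hold several space-separated hashes.
    if (!entry.integrity) report.missingIntegrity.push(name);
    else if (!/(^|\s)sha(256|384|512)-/.test(entry.integrity)) report.weakHash.push(name);
  }
  return report;
}

console.log(auditLockfile(SAMPLE_LOCK));
```
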