by chmod775 1618 days ago
> Pin all you want, if the repo/vendor/maintainer pulls the release then you're not getting access to your dependencies at all.

And that's among the reasons people have started to commit their node_modules folders.

It has the neat side-effect of making people take a closer look at all the crap they're pulling in too.
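Committing node_modules so that a pulled release cannot break the build only helps if the committed tree actually matches what the lockfile pinned. As an added example (not code from anyone in this thread), here is a Python check that walks a vendored node_modules, scoped and nested packages included, compares each package.json version with package-lock.json, flags packages the lockfile never listed, and verifies any cached tarball against the lockfile's SRI integrity field. The lockfileVersion 2/3 layout, the `<name>-<version>.tgz` cache naming, the `demo` fixture and its package names are assumptions made for the example.

```python
"""Verify that a committed node_modules tree matches package-lock.json.

Added example for this thread, not code from any poster. Assumes the
lockfileVersion 2/3 layout ("packages" keyed by "node_modules/<name>") and
that every installed package directory carries a package.json with "version".
"""
import base64
import hashlib
import json
import os
import tempfile
from typing import List, Optional


def sri_digest(data: bytes, algo: str = "sha512") -> str:
    """Subresource-Integrity string ("sha512-<base64>") in the form npm stores it."""
    return f"{algo}-{base64.b64encode(hashlib.new(algo, data).digest()).decode('ascii')}"


def installed_packages(project_root: str) -> List[str]:
    """Lockfile-style keys ("node_modules/...") for every package directory found on disk."""
    found: List[str] = []

    def visit(pkg_rel: str) -> None:
        if os.path.isfile(os.path.join(project_root, pkg_rel, "package.json")):
            found.append(pkg_rel)
            scan(f"{pkg_rel}/node_modules")  # nested dependencies

    def scan(nm_rel: str) -> None:
        nm_abs = os.path.join(project_root, nm_rel)
        if not os.path.isdir(nm_abs):
            return
        for entry in sorted(os.listdir(nm_abs)):
            if entry.startswith("."):  # .bin, .package-lock.json
                continue
            if entry.startswith("@"):  # scoped packages sit one level down
                for sub in sorted(os.listdir(os.path.join(nm_abs, entry))):
                    visit(f"{nm_rel}/{entry}/{sub}")
            else:
                visit(f"{nm_rel}/{entry}")

    scan("node_modules")
    return found


def check_vendored_tree(project_root: str, tarball_dir: Optional[str] = None) -> List[str]:
    """Return the problems found; an empty list means the tree matches the lockfile.

    Every "node_modules/..." lockfile entry must exist on disk at the pinned version,
    and anything on disk the lockfile does not list is reported. If tarball_dir is
    given, "<name>-<version>.tgz" files there (assumed naming) are hashed and compared
    with the lockfile's integrity field.
    """
    problems: List[str] = []
    with open(os.path.join(project_root, "package-lock.json"), encoding="utf-8") as f:
        lock = json.load(f)
    entries = {k: v for k, v in lock.get("packages", {}).items() if k.startswith("node_modules/")}

    for path, meta in entries.items():
        pkg_json = os.path.join(project_root, path, "package.json")
        if not os.path.isfile(pkg_json):
            problems.append(f"missing: {path} (lockfile wants {meta.get('version')})")
            continue
        with open(pkg_json, encoding="utf-8") as f:
            installed = json.load(f).get("version")
        if installed != meta.get("version"):
            problems.append(f"version mismatch: {path} lockfile={meta.get('version')} installed={installed}")
        if tarball_dir and meta.get("integrity"):
            # "@scope/name" -> "scope-name", the way npm pack names scoped tarballs
            name = path.rsplit("node_modules/", 1)[1].replace("@", "").replace("/", "-")
            tgz = os.path.join(tarball_dir, f"{name}-{meta['version']}.tgz")
            if os.path.isfile(tgz):
                algo = meta["integrity"].split("-", 1)[0]
                with open(tgz, "rb") as f:
                    if sri_digest(f.read(), algo) != meta["integrity"]:
                        problems.append(f"integrity mismatch: {tgz}")

    for found in installed_packages(project_root):
        if found not in entries:
            problems.append(f"not in lockfile: {found}")
    return problems


def _write(root: str, rel: str, content) -> None:
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(content.encode("utf-8") if isinstance(content, str) else content)


def demo(tamper: bool) -> List[str]:
    """Build a constructed mini-project in a temp dir and check it.

    tamper=False gives a consistent tree; tamper=True puts a nested dependency at the
    wrong version, alters the cached tarball and drops in a package the lockfile never listed.
    """
    with tempfile.TemporaryDirectory() as root:
        tgz = b"constructed stand-in for left-pad-1.3.0.tgz"  # constructed data
        lock = {"name": "demo", "lockfileVersion": 3, "packages": {
            "": {"name": "demo", "dependencies": {"left-pad": "1.3.0", "@scope/tool": "2.0.0"}},
            "node_modules/left-pad": {"version": "1.3.0", "integrity": sri_digest(tgz)},
            "node_modules/@scope/tool": {"version": "2.0.0"},
            "node_modules/@scope/tool/node_modules/left-pad": {"version": "1.2.0"},
        }}
        _write(root, "package-lock.json", json.dumps(lock))
        _write(root, "node_modules/left-pad/package.json", '{"version": "1.3.0"}')
        _write(root, "node_modules/@scope/tool/package.json", '{"version": "2.0.0"}')
        nested = "1.1.0" if tamper else "1.2.0"
        _write(root, "node_modules/@scope/tool/node_modules/left-pad/package.json", f'{{"version": "{nested}"}}')
        _write(root, "tarballs/left-pad-1.3.0.tgz", tgz + b"!" if tamper else tgz)
        if tamper:
            _write(root, "node_modules/sneaky/package.json", '{"version": "0.0.1"}')
        return check_vendored_tree(root, os.path.join(root, "tarballs"))


if __name__ == "__main__":
    for line in demo(tamper=True):
        print(line)
```

Run it against a real checkout as `check_vendored_tree(".", tarball_dir)` in CI; a non-empty result means the committed tree and the lockfile have drifted, which is exactly the case where "we vendored it" gives a false sense of safety. The unlisted-package check is the one that tends to catch a stray `npm install` done without updating the lockfile.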