by dns_snek
1382 days ago
I have to wonder, is this satire? package.json is notorious for not pinning dependencies by default, leading to unexpected behavior such as dependencies being updated to new minor versions when you run `npm install`, which fails the principle of least surprise. You'll usually only learn about this after getting bitten by a bug in an auto-updated dependency and at that point you'll learn to manually pin your dependencies and use commands such as `npm ci` instead of `npm install` in your build pipeline. As such, navigating around the NPM world is anything but easy. There are razor-sharp edges and footguns lying around everywhere, just waiting for you to use them.
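An added example, not part of the comment above: a small Node.js check that lists the dependencies in a package.json whose version spec is a range, wildcard or tag rather than an exact version. The manifest and the function names `classifySpec` and `auditManifest` are constructed for illustration.

```javascript
// Added example. SAMPLE_PACKAGE_JSON is constructed for illustration.
const SAMPLE_PACKAGE_JSON = `{
  "name": "demo-app",
  "dependencies": {
    "express": "^4.18.2",
    "lodash": "4.17.21",
    "left-pad": "~1.3.0",
    "debug": "*"
  },
  "devDependencies": {
    "jest": ">=29.0.0",
    "typescript": "latest",
    "eslint": "8.57.0"
  }
}`;

// major.minor.patch with optional "=" / "v" prefix, prerelease and build metadata.
const EXACT = /^=?v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
// Partial versions and x-ranges: "1", "1.2", "1.x", "1.2.*".
const PARTIAL = /^(\d+|[xX*])(\.(\d+|[xX*])){0,2}$/;

// Classify a single dependency spec string.
function classifySpec(spec) {
  const s = String(spec).trim();
  if (EXACT.test(s)) return "exact";
  if (/^[a-z+]+:/i.test(s) || s.includes("/")) return "url-or-alias"; // git, file:, npm: ...
  if (s.startsWith("^")) return "caret"; // ^1.2.3 accepts any 1.x.y >= 1.2.3
  if (s.startsWith("~")) return "tilde"; // ~1.2.3 accepts any 1.2.y >= 1.2.3
  if (/[<>]|\|\||\s-\s/.test(s)) return "range";
  if (s === "" || PARTIAL.test(s)) return "wildcard";
  return "tag"; // dist-tags such as "latest"
}

// Return every dependency whose spec is not an exact version.
function auditManifest(jsonText) {
  const manifest = JSON.parse(jsonText);
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const kind = classifySpec(spec);
      if (kind !== "exact") findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

for (const f of auditManifest(SAMPLE_PACKAGE_JSON)) {
  console.log(`${f.section}: ${f.name}@${f.spec} is not pinned (${f.kind})`);
}
```

Run in a build pipeline, a non-empty result can fail the job before dependencies are installed.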