by TheRealDunkirk 1354 days ago
The idea that some team is "vetting" that the entire stack of stuff you'd pull from npm for a React front-end app is "safe" is ridiculous. Forget the mirroring; that's trivial. What criteria or process would make you think you had a "vetted" snapshot, beyond what they already do!?

This process is automated by static code analysis tools; once it is deployed, absolutely no meatbag effort is required.