by matisseverduyn
935 days ago
"Security" would be a useful benefit/section to add to this post: A.) If maintainers of your dependencies edited an existing/previous version, or B.) If your dependencies did not pin their dependencies. For instance, if you installed vue-cli in May of last year from NPM with --prefer-offline (using the cache / basically the same as checking in your node_modules), you were fine. But because vue-cli doesn't pin its dependencies ("node-ipc"), installing fresh/online would create WITH-LOVE-FROM-AMERICA.txt on your desktop [1], which was at the very least a scare, but for some, incredibly problematic.

[1] https://github.com/vuejs/vue-cli/issues/7054
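The drift described in the comment above, as an added example that is not part of the original comment or of any project's code: it compares what a cached install holds with what a fresh, lockfile-less install would resolve when a dependency declares a caret range instead of an exact version. Package names, versions and the registry listing are constructed, and only exact and caret specifiers (without prerelease tags) are handled.

```javascript
// Added example with constructed data; not the real manifests of any package.
const EXACT = /^\d+\.\d+\.\d+$/;

const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Exclusive upper bound of a caret range: bump the left-most non-zero part.
function caretCeiling(base) {
  const [major, minor, patch] = parse(base);
  if (major > 0) return `${major + 1}.0.0`;
  if (minor > 0) return `0.${minor + 1}.0`;
  return `0.0.${patch + 1}`;
}

// Version a fresh install would pick for `spec`, given the published versions.
function resolve(spec, published) {
  if (EXACT.test(spec)) return spec;        // pinned: never moves
  if (!spec.startsWith('^')) return null;   // other range kinds are out of scope here
  const base = spec.slice(1);
  const top = caretCeiling(base);
  const ok = published.filter((v) => cmp(v, base) >= 0 && cmp(v, top) < 0);
  return ok.sort(cmp).pop() ?? null;        // highest version inside the range
}

// Dependencies whose fresh resolution differs from what the cache holds.
function driftReport(manifest, cached, registry) {
  const out = [];
  for (const [name, spec] of Object.entries(manifest.dependencies ?? {})) {
    const fresh = resolve(spec, registry[name] ?? []);
    if (fresh !== cached[name]) out.push({ name, spec, cached: cached[name], fresh });
  }
  return out;
}

// Constructed sample: one floating dependency, one pinned dependency.
const manifest = { name: 'example-cli',
  dependencies: { 'transitive-lib': '^2.3.0', 'pinned-lib': '4.1.0' } };
const cached = { 'transitive-lib': '2.3.0', 'pinned-lib': '4.1.0' };
const registry = { 'transitive-lib': ['2.3.0', '2.3.1', '3.0.0'],
  'pinned-lib': ['4.1.0', '4.1.1'] };

console.log(driftReport(manifest, cached, registry));
```

Only the caret-ranged package shows up in the report: the pinned one resolves to the same version online and offline, so a later release cannot reach it without a manifest change.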