by cxr 896 days ago
Whether you're storing your own copy of a given dependency and whether you've done code review for it are orthogonal concepts. (You can check it in and perform the same amount of review that people do when deferring to `npm install` for late fetching, i.e. none.)

Conflating these two not-unrelated-but-still-distinct concepts is a big contributor to why the current state of the art is so fraught.