by VPenkov
524 days ago
This is an option, but that makes it easier to conceal malicious code within node_modules as an internal threat actor or make super sure there's a culture of actually reviewing those changes. In cases like that it helps to do npm install on the CI and make sure you end up with identical code. Decent trade-off.
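
The CI check suggested in the comment above, as an added example that is not part of the original comment: hash every file in the committed node_modules and in a fresh install, then fail the build on any difference. The function names, the temporary paths and the use of `npm ci` for the clean install are assumptions.

```bash
#!/bin/sh
# Added example: detect drift between a committed node_modules tree and a
# fresh install. Function names and paths are illustrative assumptions.

# Print one line per entry under $1: "<sha256>  <path>" for regular files,
# "link:<target>  <path>" for symlinks (e.g. node_modules/.bin), sorted by path.
tree_manifest() {
  (
    cd "$1" || exit 1
    find . -type f -exec sha256sum {} +
    find . -type l -exec sh -c \
      'for l; do printf "link:%s  %s\n" "$(readlink "$l")" "$l"; done' sh {} +
  ) | LC_ALL=C sort -k2
}

# Compare the committed tree ($1) with the fresh install ($2).
# Returns 0 if identical, 1 on drift (diff printed to stderr), 2 on bad input.
verify_vendored() {
  [ -d "$1" ] && [ -d "$2" ] || {
    echo "usage: verify_vendored COMMITTED_DIR FRESH_DIR" >&2
    return 2
  }
  vv_tmp=$(mktemp -d) || return 2
  tree_manifest "$1" > "$vv_tmp/committed"
  tree_manifest "$2" > "$vv_tmp/fresh"
  # In the diff, "<" lines exist only in the commit, ">" only in the fresh install.
  if diff "$vv_tmp/committed" "$vv_tmp/fresh" > "$vv_tmp/drift"; then
    vv_rc=0
  else
    vv_rc=1
    cat "$vv_tmp/drift" >&2
  fi
  rm -rf "$vv_tmp"
  return "$vv_rc"
}

# CI usage (assumes node_modules is committed next to package-lock.json):
#   cp -a node_modules /tmp/committed_modules
#   npm ci        # deletes node_modules and reinstalls from the lockfile
#   verify_vendored /tmp/committed_modules node_modules
if [ "$#" -eq 2 ]; then
  verify_vendored "$1" "$2"
fi
```

Packages with install scripts can write build output into node_modules, so the two trees only match when both installs ran on the same platform or with `--ignore-scripts`.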