Y
Hacker News
new
|
ask
|
show
|
jobs
by
whilenot-dev
281 days ago
To add to this: the hash in the lock file is the checksum of the published tarball, not the commit hash.
1 comments
cluckindan
281 days ago
And then someone runs `npm install` on their CI
link