Hacker News
by
touristtam
273 days ago
That and pin that damn version!
AndreasHae
273 days ago
It’s still ridiculous to me that version pinning isn’t the default for npm.
The first thing I do for all of my projects is adding a .npmrc with save-exact=true
silverwind
273 days ago
save-exact is mostly useless against such attacks because it only works on direct dependencies.
electrotype
272 days ago
Why, though?
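The point raised in the thread about direct versus transitive dependencies, as an added example that is not part of any comment above: it audits a package.json and the `packages` map of a package-lock.json (lockfileVersion 2/3 layout) for version ranges. All package names and versions are constructed sample data, and the helper names are hypothetical.

```javascript
// Constructed sample data: a package.json written with save-exact=true,
// and the matching lockfile "packages" map (lockfileVersion 2/3 layout).
const packageJson = {
  name: "demo-app",
  dependencies: { "web-framework": "4.2.1", "date-utils": "2.0.3" },
};

const lockfilePackages = {
  "": { name: "demo-app", dependencies: { "web-framework": "4.2.1", "date-utils": "2.0.3" } },
  "node_modules/web-framework": {
    version: "4.2.1",
    dependencies: { "body-reader": "^1.9.0", "color-print": "~3.1.0" },
  },
  "node_modules/date-utils": { version: "2.0.3" },
  "node_modules/body-reader": { version: "1.9.4", dependencies: { "tiny-buffer": ">=0.2.0" } },
  "node_modules/color-print": { version: "3.1.2" },
  "node_modules/tiny-buffer": { version: "0.5.0" },
};

// An exact pin is a bare x.y.z version (optionally with prerelease/build tags).
const EXACT = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.+-]+)?$/;
const isExact = (spec) => EXACT.test(spec);

// Direct dependencies that are not exact pins: the only thing save-exact changes.
function unpinnedDirect(pkg) {
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  return Object.entries(deps).filter(([, spec]) => !isExact(spec)).map(([name]) => name);
}

// Ranges declared by installed packages for their own dependencies.
// These come from each package's published manifest, not from our .npmrc.
function floatingTransitive(packages) {
  const findings = [];
  for (const [path, entry] of Object.entries(packages)) {
    if (path === "") continue; // root project, covered by unpinnedDirect
    const owner = path.replace(/^.*node_modules\//, "");
    for (const [name, spec] of Object.entries(entry.dependencies || {})) {
      if (!isExact(spec)) findings.push(`${owner} -> ${name}@${spec}`);
    }
  }
  return findings;
}

console.log("unpinned direct:", unpinnedDirect(packageJson));
console.log("floating transitive:", floatingTransitive(lockfilePackages));
```

The `version` fields in the lockfile are what hold those transitive ranges to one resolved release, and `npm ci` installs exactly those versions from a committed package-lock.json.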