Y
Hacker News
new
|
ask
|
show
|
jobs
by
silverwind
178 days ago
Pinning actions doesn't really work because most action dependencies are unpinned thanks to npm default behaviour of not pinning them.
2 comments
baobun
178 days ago
Just don't use actions which pull in arbitrary npm packages without a lockfile.
link
NamlchakKhandro
178 days ago
Why does this matter?
JavaScript actions are already bundled.
link