Y
Hacker News
new
|
ask
|
show
|
jobs
by
baobun
176 days ago
Just don't use actions which pull in arbitrary npm packages without a lockfile.