Y
Hacker News
new
|
ask
|
show
|
jobs
by
shatsky
157 days ago
I don't know much about node but cargo has lock file with hashes which prevents dep substitution unless dev decide to update lock file. Updating lock file has same risks as initial decision to depend on deps.