Hacker News
by jadar 76 days ago
It almost doesn't matter, because you can get pwned by a transitive dependency. If someone doesn't have the same scruples as you have, you're still at risk.
inbx0 76 days ago
minimumReleaseAge and lockfiles also pin down transitive dependencies.
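An added example, not part of either comment: a check over a constructed npm-style lockfile (`lockfileVersion` 3) showing that transitive entries are recorded with an exact version and integrity hash, plus a release-age filter applied to every locked entry. The package names, the `publishedAt` map, the function names and the minutes unit are assumptions for illustration.

```javascript
// Constructed sample lockfile: one direct dependency, two transitive ones.
const lock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0", dependencies: { "web-lib": "^2.0.0" } },
    "node_modules/web-lib": {
      version: "2.3.1", integrity: "sha512-CONSTRUCTED-A",
      dependencies: { "tiny-util": "^1.0.0" },
    },
    "node_modules/tiny-util": { version: "1.4.0", integrity: "sha512-CONSTRUCTED-B" },
    // Transitive entry with no integrity hash: should be reported as not pinned.
    "node_modules/web-lib/node_modules/left-thing": { version: "0.9.2" },
  },
};

// Constructed publish times; in practice these would come from registry metadata.
const publishedAt = {
  "web-lib@2.3.1": "2024-01-01T00:00:00Z",
  "tiny-util@1.4.0": "2024-03-09T12:00:00Z",
  "left-thing@0.9.2": "2023-06-01T00:00:00Z",
};

// List every locked package, marking whether it is transitive and fully pinned.
function listLocked(lockfile) {
  const root = lockfile.packages[""] || {};
  const direct = new Set(Object.keys({ ...root.dependencies, ...root.devDependencies }));
  return Object.entries(lockfile.packages)
    .filter(([path]) => path !== "")
    .map(([path, meta]) => {
      const name = path.split("node_modules/").pop(); // handles nested and scoped names
      return {
        id: `${name}@${meta.version}`,
        transitive: !(direct.has(name) && path === `node_modules/${name}`),
        pinned: Boolean(meta.version && meta.integrity),
      };
    });
}

// Return ids released more recently than minAgeMinutes before `now`.
// An entry with no known publish time is treated as too new (fail closed).
function youngerThan(entries, times, minAgeMinutes, now) {
  const cutoff = now.getTime() - minAgeMinutes * 60000;
  return entries
    .filter((e) => !(e.id in times) || Date.parse(times[e.id]) > cutoff)
    .map((e) => e.id);
}
```
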