Every dependency you add is a supply chain attack waiting to happen (benhoyt.com)
4 points by benhoyt, 83 days ago | 1 comment
ArcHound, 83 days ago:
Yes, keep your dependencies low in numbers. No, don't turn off dependabot. Wait two weeks before updating. IIRC, there's a built-in feature for that.
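The "wait before updating" behaviour the comment refers to can be expressed in a Dependabot configuration. The following is an added example, not from the article or the commenter; it assumes GitHub's Dependabot `cooldown` setting in `.github/dependabot.yml`, and the ecosystem and schedule are placeholders.

```yaml
# Added example: keep Dependabot on, but let newly published versions age
# before a pull request is opened for them. This reduces exposure to a
# malicious release that is pulled from the registry within days.
# Assumes GitHub's Dependabot "cooldown" configuration; "npm" and the
# weekly schedule are placeholders for the project's real settings.
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    # Only update to versions that have been public for at least this long.
    cooldown:
      default-days: 14
      # Larger jumps get a longer quarantine; patches a shorter one.
      semver-major-days: 30
      semver-minor-days: 14
      semver-patch-days: 7
```

Keeping the cooldown at roughly two weeks, as the comment suggests, still gets fixes in on a predictable cadence while leaving time for a compromised release to be noticed and withdrawn before it reaches the build.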