by momo_dev
71 days ago
I wasn't aware npm lockfiles check hashes by default now. My concern is more about the initial install before a lockfile exists, like in CI from a fresh clone without a committed lockfile. But you're right, once the lockfile is there the hash mismatch would be caught.
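A CI pre-install guard for the gap described in the comment above, as an added example that is not part of the thread: it fails when no lockfile is committed or when a registry entry has no strong integrity hash to compare against. It assumes the `packages` layout of `package-lock.json` (lockfileVersion 2 or 3); `auditLockfile` is a hypothetical helper and the sample lockfile is constructed.

```javascript
// Constructed package-lock.json (lockfileVersion 3); names and hashes are made up.
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/alpha": {
      version: "1.2.3",
      resolved: "https://registry.npmjs.org/alpha/-/alpha-1.2.3.tgz",
      integrity: "sha512-Y29uc3RydWN0ZWQtc2FtcGxlLWhhc2g="
    },
    "node_modules/beta": {
      version: "0.4.0",
      resolved: "https://registry.npmjs.org/beta/-/beta-0.4.0.tgz"
    },
    "node_modules/gamma": {
      version: "2.0.0",
      resolved: "https://registry.npmjs.org/gamma/-/gamma-2.0.0.tgz",
      integrity: "sha1-Y29uc3RydWN0ZWQ="
    },
    "node_modules/local-lib": { resolved: "packages/local-lib", link: true },
    "packages/local-lib": { name: "local-lib", version: "0.0.1" }
  }
});

// Hypothetical helper: pass the lockfile text, or null when the fresh clone has none.
function auditLockfile(text) {
  const report = { ok: false, reason: null, unpinned: [], weakHash: [] };
  if (text == null) { report.reason = "no lockfile committed"; return report; }
  let lock;
  try { lock = JSON.parse(text); } catch { report.reason = "lockfile is not valid JSON"; return report; }
  if (!lock || !lock.packages) { report.reason = "no packages map (lockfileVersion 1?)"; return report; }
  for (const [path, entry] of Object.entries(lock.packages)) {
    // The root project, workspace folders, links and bundled deps carry no tarball hash.
    if (!path.includes("node_modules/") || entry.link || entry.inBundle) continue;
    if (!entry.integrity) report.unpinned.push(path);
    // integrity may hold several space-separated hashes; require at least one SHA-2.
    else if (!/(^|\s)sha(256|384|512)-/.test(entry.integrity)) report.weakHash.push(path);
  }
  report.ok = report.unpinned.length === 0 && report.weakHash.length === 0;
  if (!report.ok) report.reason = "entries without a strong integrity hash";
  return report;
}

console.log(auditLockfile(SAMPLE_LOCK));
```

In a pipeline, read `package-lock.json` from the checkout (passing `null` if it is absent) and fail the job when `ok` is false, before any install step runs.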