by zahlman 31 days ago
My point was the "with hashes" part. You aren't in fact "trusting" NPM to ensure that old versions aren't replaced if the package installer is verifying the hash.
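The check the comment refers to, as an added example that is not part of the original comment: an installer compares the downloaded tarball against the SRI-style `integrity` string pinned in the lockfile, so bytes that differ from the pinned ones are rejected regardless of what the registry serves. The function names and sample bytes are constructed for illustration and are not npm's own code.

```javascript
const crypto = require('node:crypto');

// Strongest first; lockfile integrity strings normally carry sha512, older ones sha1.
const PREFERENCE = ['sha512', 'sha384', 'sha256', 'sha1'];

// Parse an SRI-style integrity string ("sha512-<base64> sha1-<base64>").
// Tokens with an unknown algorithm or malformed base64 are ignored.
function parseIntegrity(integrity) {
  const entries = [];
  for (const token of integrity.trim().split(/\s+/)) {
    const m = /^([a-z0-9]+)-([A-Za-z0-9+/]+={0,2})(?:\?.*)?$/.exec(token);
    if (m && PREFERENCE.includes(m[1])) {
      entries.push({ algorithm: m[1], digest: Buffer.from(m[2], 'base64') });
    }
  }
  return entries;
}

// True only if the bytes match a pinned digest of the strongest algorithm present.
// A weaker digest that happens to match is never accepted in its place.
function verifyTarball(bytes, integrity) {
  const entries = parseIntegrity(integrity);
  const best = PREFERENCE.find((a) => entries.some((e) => e.algorithm === a));
  if (!best) return false; // nothing usable pinned: fail closed
  const actual = crypto.createHash(best).update(bytes).digest();
  return entries
    .filter((e) => e.algorithm === best)
    .some((e) => e.digest.length === actual.length &&
                 crypto.timingSafeEqual(e.digest, actual));
}

// Helper that builds an integrity token the way a lockfile would record it.
function sri(algorithm, bytes) {
  return `${algorithm}-${crypto.createHash(algorithm).update(bytes).digest('base64')}`;
}

// Constructed sample data: the bytes pinned at lock time, and different bytes
// later served under the same name and version.
const original = Buffer.from('constructed tarball bytes for example-pkg 1.0.0');
const replaced = Buffer.from('different bytes published under the same version');
const pinned = `${sri('sha1', original)} ${sri('sha512', original)}`;

console.log('original verifies:', verifyTarball(original, pinned));
console.log('replaced verifies:', verifyTarball(replaced, pinned));
```

The guarantee holds only for versions already pinned in the lockfile; a first install or an unpinned range still accepts whatever the registry returns at that moment.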