by captn3m0
23 days ago
I arrived at a similar model for NPM using hooks in pnpm: https://github.com/captn3m0/npm-sec-feed. I love the work Packagist/Composer is doing in the space. I’m now a firm believer that every package manager needs to support hooks globally. Composer also supports conflicts, which results in this amazing approach of having a meta-package conflict with insecure packages: https://github.com/Roave/SecurityAdvisories. Can’t happen in Node, sadly, because of language differences.