Y
Hacker News
new
|
ask
|
show
|
jobs
by
padjo
3 days ago
If you only use npm to manage client side deps then it removes the ability to compromise a devs machine or the CI server. Seems like nice attack vectors to just eliminate entirely.