by nijave
9 days ago
The lockfile should protect you there. It'd only be an issue if you're working on updating dependencies, in which case there's other protection like min-release-age.

If pulling down your company repo and running `npm install` can lead to a compromise, something has gone terribly wrong with your company's security setup.