|
|
|
|
|
|
by jamesrom
1 day ago
|
|
|
safely-bump-deps.sh does not need to do impossibly hard things. It can just call npm: outdated, install --save-exact and/or install --package-lock-only. There's plenty of solutions here. Pushing this into a hook makes it invisible, implicit, hard to debug, and an entry point for all sorts of undefined behaviours. |
|
|