by michaelmior
4634 days ago
I'm not sure I see the objection here. Package versions should be pinned so dependency management and version conflicts shouldn't be an issue. I don't believe npm signs packages, but it at least communicates with the server via HTTPS and properly validates the certificate so I don't really see the security concern there.