Comment by touristtam, 2 months ago:
That and pin that damn version!

AndreasHae, 2 months ago:
It’s still ridiculous to me that version pinning isn’t the default for npm. The first thing I do for all of my projects is adding a .npmrc with save-exact=true

silverwind, 2 months ago:
save-exact is mostly useless against such attacks because it only works on direct dependencies.

electrotype, 2 months ago:
Why, though?
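An added example, not part of the thread and not written by any commenter: a Node.js script over a constructed `package-lock.json` (lockfileVersion 3) that lists every dependency edge declared as a range, showing what an exactly pinned root manifest does and does not cover. The package names, versions and the helper functions `isExact`, `resolveLocked` and `floatingEdges` are hypothetical.

```javascript
// Constructed sample lockfile for a hypothetical app; all package names and
// versions are made up. The root entry ("") pins its direct dependency exactly.
const sampleLock = {
  name: "demo-app", lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0", dependencies: { "left-lib": "2.1.0" } },
    "node_modules/left-lib": { version: "2.1.0",
      dependencies: { "deep-util": "^1.4.0", "tiny-fmt": "~0.3.1" } },
    "node_modules/deep-util": { version: "1.4.2", dependencies: { "leaf": "3.0.0" } },
    "node_modules/tiny-fmt": { version: "0.3.5" },
    "node_modules/leaf": { version: "3.0.0" },
  },
};

// True only for a single exact version such as "1.2.3" or "1.2.3-beta.1".
function isExact(range) {
  return /^=?v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.test(range.trim());
}

// Node-style lookup: nearest node_modules/<dep>, walking up from the requester.
function resolveLocked(packages, fromPath, dep) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return packages[candidate].version;
    if (base === "") return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Every dependency edge that is declared as a range, not one exact version.
function floatingEdges(lock) {
  const edges = [];
  for (const [path, pkg] of Object.entries(lock.packages)) {
    const declared = { ...pkg.dependencies, ...pkg.optionalDependencies };
    for (const [dep, range] of Object.entries(declared)) {
      if (isExact(range)) continue;
      edges.push({ requestedBy: path || "(root)", direct: path === "", dep, range,
        locked: resolveLocked(lock.packages, path, dep) });
    }
  }
  return edges;
}

for (const e of floatingEdges(sampleLock)) {
  console.log(`${e.requestedBy} -> ${e.dep}@${e.range} (locked at ${e.locked})`);
}
```

In this sample the root has no floating edges, while both edges declared by `left-lib` are ranges; the versions shown as locked come from the lockfile, which `npm ci` installs exactly.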