Comment by bitmasher9
11 hours ago
We’re using an internal package repository that acts as a gateway to the public package repositories, except it can have custom rules such as “min release age 30 days”, and can also give logs about which projects have actually downloaded a specific version.
It’s so much overhead and auditing to enforce compliance across the thousands of node microservices though.
No comments yet
Contribute on Hacker News ↗