top | item 15427557

(no title)

js4all | 8 years ago

Am I the only one who thinks running scripts on a site directly from npm is a bad idea? What happens when an incompatible change in any of the dependencies is pushed. What if a package owner had transferred his ownership und the new owner pushes whatever he wants.

discuss

porsager|8 years ago

Using unpkg.com as an example they redirect from the root URL of a package to the latest version. For instance https://unpkg.com/mithril will redirect to https://unpkg.com/mithril@1.1.4/mithril.js

For example if adding a URL on https://flems.io it will store the xhr.responseURL to take advantage of this to pin the version. I would guess guess Scrimba does something similar?

pygy_|8 years ago

Wow, so you auto-pin, that's great!

pygy_|8 years ago

For one off examples it is just convenient. For long-lasting demo, it would be wise to pin the versions.