item 45269072

AndreasHae | 5 months ago
It’s still ridiculous to me that version pinning isn’t the default for npm. The first thing I do for all of my projects is adding a .npmrc with save-exact=true

silverwind | 5 months ago
save-exact is mostly useless against such attacks because it only works on direct dependencies.

electrotype | 5 months ago
Why, though?
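
An added example, not part of the thread: a small JavaScript walk over a dependency graph showing which version ranges still float when the root project was written with save-exact=true. The package names, versions and the `registry` map are constructed for illustration, and the exact-version check is a simplified regex rather than npm's own semver parser.

```javascript
// Constructed sample data: none of these packages or versions are real.
// A range counts as "exact" here only if it is a plain x.y.z version.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Hypothetical registry: package name -> the "dependencies" field of the
// package.json that its maintainer published. The consumer cannot edit these.
const registry = {
  "example-framework": { "example-parser": "^2.1.0", "example-color": "~1.4.0" },
  "example-parser": { "example-color": "^1.0.0" },
  "example-color": {},
  "example-dates": {},
};

// Root project as `npm install` writes it with save-exact=true in .npmrc.
const rootManifest = {
  name: "my-app",
  dependencies: { "example-framework": "5.0.1", "example-dates": "3.2.0" },
};

// Breadth-first walk; returns every dependency edge whose range is not exact.
function floatingRanges(root, reg) {
  const findings = [];
  const seen = new Set();
  const queue = [];
  for (const [dep, range] of Object.entries(root.dependencies || {})) {
    queue.push({ from: root.name, to: dep, range, direct: true });
  }
  while (queue.length > 0) {
    const edge = queue.shift();
    if (!EXACT.test(edge.range)) findings.push(edge);
    if (seen.has(edge.to)) continue; // expand each package only once
    seen.add(edge.to);
    for (const [dep, range] of Object.entries(reg[edge.to] || {})) {
      queue.push({ from: edge.to, to: dep, range, direct: false });
    }
  }
  return findings;
}

const findings = floatingRanges(rootManifest, registry);
for (const f of findings) {
  const kind = f.direct ? "direct" : "transitive";
  console.log(`${f.from} -> ${f.to}@${f.range} (${kind})`);
}
```

Every floating edge in the output is transitive: save-exact only changes what is written into the root package.json. Pinning the whole tree is the job of the lockfile (package-lock.json), installed with `npm ci`.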