undefined | Better HN

0 pointspartycoder10y ago0 comments

shrinkwrap might work for a bit. but if you regenerate the file you will run into the same issue.

a way to protect you 100% against the problem is to define your dependency as a link to a specific commit or tarball.

0 comments

Or a specific version since they can't be written to twice in the npm repo.

JdeBP10y ago

According to https://news.ycombinator.com/item?id=11341142 , in at least one case, now, this is not true.

McP10y ago

Except the exact same code was republished, so the point still stands.

j / k navigate · click thread line to collapse