
It's not reasonable to be skeptical of every package. When you do that you get a mess of locally stored packages that end up out of date.

Should really just be a 'publish is forever' mentality.




It is absolutely reasonable to be skeptical of every package. You probably shouldn't be on the bleeding edge of packages and likely ought to have locally stored packages.

You of course need to audit and improve your local store, but you need to do that with your dependencies anyway.



