Hacker News
riking on April 1, 2022 | on: How Go mitigates supply chain attacks
Nope, you need to run `npm ci` to guarantee that you don't write a new lockfile.
hashhar on April 1, 2022
Also, the lockfiles are not recursive, i.e. they don't apply to the dependencies you install or their transitive deps.