High key mad that people are actually blaming the guy who changed his own solely developed node.js code and got branded as some kind of hacker or something because a ton of corporate houses unthinkingly pulled in his changes because to them the repo was just a source of free code they would never have to pay for, look at, or contribute back to.
Serves them right. They had ways to prevent this and they chose not to do them.
Serves them right. They had ways to prevent this and they chose not to do them.
@trysdyn ain't like the old versions are no longer in the commons either, after npm changed their policies because of leftpad! if you aren't pinning or at a minimum testing dependencies you pretty much get what you ask for
which is why npm is friggin awful why is there no way to pin a dependency in your goddamn package manager
fuchsiaaaaaaaaaaaaaaaaa
@f0x @trysdyn yeah that's the one
given the alternative is manually managing package-lock.json for an enterprise react app, using a different package manager, or the obnoxious pattern of adding extra direct dependencies (that didn't seem to work nearly as well as maven where it's also an unmaintainable mess) it's really bewildering that hasn't been upstreamed