Ask HN: 各位都在如何保护你们的 NPM 依赖项安全?
1 分•作者: madospace•2 个月前
除了添加 `min-release-age`、`ignore-scripts` 和 `save-exact` 这些显而易见的方法之外,我们还能采取哪些措施来确保将风险降到最低,尤其是在存在链式依赖的情况下?
查看原文
There are few obvious things like adding min-release-age, ignore-scripts and save-exact. What other practice we can follow to ensure we are minimizing the damage, especially with chained dependencies.