Like of @FiloSottile's tweet · Jamie Tanna

Post details

How can we even start talking about supply chain security and sustainability if a maintainer publishing a bad npm package version breaks everyone instantly? Stable, deterministic pinning is table stakes. theverge.com/2022/1/9/22874…
Filippo ${jndi:ldap://filippo.io/t} Valsorda (@FiloSottile)Sun, 09 Jan 2022 22:23 GMT

Sun, 09 Jan 2022 22:34 by Jamie Tanna . #open-source #version-pinning.

Also on:

This post was filed under likes.

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.