It's more work and more restrictive I suppose. Any business is free to set up jf... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		kankerlijer 39 days ago \| parent \| context \| favorite \| on: Lotusbail npm package found to be harvesting Whats... It's more work and more restrictive I suppose. Any business is free to set up jfrog Artifactory and only allow the installation of approved dependencies. And anyone can pull Ironbank images I believe.

cxr 39 days ago [–]

Eschewing with lockfile-based package management schemes actually takes less work.

<https://news.ycombinator.com/item?id=46008744>

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact