How to protect NPM from corrupted libraries?

  • Published 19 Jan 2022
  • If you do not do this one simple thing, other people can break your JavaScript application. How? By publishing a new version of their library on NPM. If you do not test everything, you might not even notice that something went wrong and your app has problems. This is why you should always pin your NPM dependencies to a given, specific version. Avoid "compatible" and "equivalent" ranges. And definitely, never use "any version". That is the short way to a huge headache.
    NPM colors library www.npmjs.com/package/colors
    NPM faker library www.npmjs.com/package/faker
    #quadmeup #npm #programming
    Visit my primary channel / dzikuvx
    Facebook / quadmeup
    Discord server quadmeup.com/discord
    My website quadmeup.com/
    Instagram / dzikuvx
  • Science & Technology

Comments • 1

  • @WinstonSmith1984
    @WinstonSmith1984 2 years ago

    If npm works anything like composer which I think it does, then it's best to keep the lock file (it contains the exact versions of the last update) in version control and then when deploying, install from the lock file and not from the npm.json or composer.json file. Then you can still use version tags such as "~2.7" in your .json file. That way you can update during development if you want, test it, and if happy with the results, commit the lock file changes.
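As an added example (not from the video or the comment above), here is a small Node.js check that reads a package.json as text and lists every dependency whose specifier is not one exact version, which covers the caret, tilde and any-version forms the video warns about; the sample package.json is constructed for the demonstration. Run alongside a committed lock file and `npm ci` at deploy time, as the comment suggests, this is the kind of check a practitioner would put in CI.

```javascript
// Added example, not the video author's code: flag package.json dependency
// specifiers that are not pinned to exactly one version.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Explain why a specifier is not exact; returns null for an exact version.
// A leading "v" or "=" is also accepted by npm as exact but is flagged here for review.
function classify(spec) {
  if (EXACT_VERSION.test(spec)) return null;
  if (spec === '' || spec === '*' || spec === 'latest') return 'any version';
  if (spec.startsWith('^')) return 'compatible range (caret)';
  if (spec.startsWith('~')) return 'approximately equivalent range (tilde)';
  if (/[<>=|]| - /.test(spec)) return 'comparator or hyphen range';
  if (/^\d+(\.(\d+|x|X|\*))*$/.test(spec)) return 'partial or x-range';
  return 'non-exact specifier (tag, URL, or alias)';
}

// Returns [{ field, name, spec, reason }] for every non-exact dependency.
function findUnpinned(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const reason = classify(String(spec));
      if (reason !== null) findings.push({ field, name, spec, reason });
    }
  }
  return findings;
}

// Constructed sample package.json: two of the video's libraries with loose
// ranges, one pinned dependency, and two loose dev dependencies.
const SAMPLE = JSON.stringify({
  name: 'demo-app',
  dependencies: { colors: '^1.4.0', faker: '*', express: '4.17.1' },
  devDependencies: { jest: '~27.0.0', eslint: 'latest' },
});

for (const f of findUnpinned(SAMPLE)) {
  console.log(`${f.field}.${f.name}: "${f.spec}" -> ${f.reason}`);
}
```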