Daring Fireball: “The way the Node community works, just blindly slurping in other people’s package updates without knowing what’s in them, continues to boggle my mind.”
In one of yesterday’s posts I referred to the React Native community as loosey goosey.
The Node.js community is one of the reasons why.
Always pin your dependencies.
Heck, I’ve worked on projects where we’ve committed binaries, after doing a “pod install”, to the repo so we wouldn’t get an accidental update. Folks understood not to install stuff in their local build so we wouldn’t get random crap.
Another thing I’ve done is just include the code right in my project, no dependency manager, especially if the code is really small.
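What “pin your dependencies” means in package.json terms, as an added example that is not code from the original post: the script below classifies every dependency specifier in a manifest as an exact version, a range (`^`, `~`, `*`, comparators, x-ranges), a dist-tag such as `latest`, or a git/URL reference, and reports everything that would resolve to something different at install time. The sample manifest is constructed for the example, and the package names and URLs in it are illustrative.

```javascript
// Added example, not code from the original post: flag dependency specifiers
// in a package.json that are not pinned to an exact version or commit.
// Assumes the manifest layout npm uses (dependencies, devDependencies, ...).

// Exact semver: MAJOR.MINOR.PATCH with optional prerelease/build metadata.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
// URL-ish specifiers: git/http/file URLs and the "user/repo" GitHub shorthand.
const URL_SPEC = /^(?:git\+|git:|ssh:|https?:|file:|github:|gitlab:|bitbucket:)/i;
const GITHUB_SHORTHAND = /^[\w.-]+\/[\w.-]+(?:#.*)?$/;
// A git reference pinned to a full 40-hex commit hash is as stable as an exact version;
// a branch or tag name is not.
const FULL_COMMIT = /#[0-9a-f]{40}$/i;

// Classify one specifier string: 'exact' | 'range' | 'tag' | 'url'.
function classifySpec(spec) {
  const s = String(spec).trim();
  if (EXACT_VERSION.test(s)) return 'exact';
  if (s.startsWith('npm:')) {
    // Alias form "npm:@scope/name@1.2.3": classify the version after the last '@'.
    const body = s.slice(4);
    const at = body.lastIndexOf('@');
    return at > 0 ? classifySpec(body.slice(at + 1)) : 'tag';
  }
  if (URL_SPEC.test(s) || GITHUB_SHORTHAND.test(s)) {
    return FULL_COMMIT.test(s) ? 'exact' : 'url';
  }
  // Empty string, wildcards, comparators, x-ranges and partial versions all
  // resolve to whatever the registry has at install time.
  if (s === '' || /^[\^~<>=*xX]/.test(s) || /^\d/.test(s)) return 'range';
  return 'tag'; // dist-tags such as "latest" or "next"
}

const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Return every specifier that is not pinned, with the field it came from.
function auditManifest(manifest) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      const kind = classifySpec(spec);
      if (kind !== 'exact') findings.push({ field, name, spec: String(spec), kind });
    }
  }
  return findings;
}

// Constructed sample manifest for the example (names and URLs are illustrative).
const SAMPLE_MANIFEST = {
  name: 'example-app',
  dependencies: {
    'left-pad': '1.3.0',                                   // exact: pinned
    'lodash': '^4.17.21',                                  // caret range
    'express': '~4.18.2',                                  // tilde range
    'some-cli': 'latest',                                  // dist-tag
    'internal-lib': 'github:example-org/internal-lib#main', // branch, moves
    'vendored-fork': 'git+https://example.com/fork.git#' +
      '0123456789abcdef'.repeat(2) + '01234567',           // full commit hash: pinned
  },
  devDependencies: { mocha: '10.2.0', chai: '*' },
};

// Stand-alone use: `node audit-pins.js [path/to/package.json]`; with no path it
// audits the constructed sample above.
if (typeof require !== 'undefined' && require.main === module) {
  const manifest = process.argv[2]
    ? JSON.parse(require('fs').readFileSync(process.argv[2], 'utf8'))
    : SAMPLE_MANIFEST;
  for (const f of auditManifest(manifest)) {
    console.log(`${f.field}: ${f.name}@${f.spec} is not pinned (${f.kind})`);
  }
}
```

Pinning the specifiers in package.json only covers direct dependencies; transitive ones are pinned by the lockfile, so commit package-lock.json and install with `npm ci`, which refuses to run when the lockfile and package.json disagree. Setting `save-exact=true` in `.npmrc` stops `npm install <pkg>` from writing caret ranges by default.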
Anywho, enough of the Development World According to Rob.