Every dependency you add is a supply chain attack waiting to happen (benhoyt.com) 4 points by benhoyt 3mo ago ↗ HN
[–] ArcHound 3mo ago ↗ Yes, keep your dependencies low in numbers. No, don't turn off dependabot. Wait two weeks before updating. IIRC, there's a built-in feature for that.
1 comment
[ 3.0 ms ] story [ 11.3 ms ] thread