Ask HN: How are you securing your NPM dependencies?

2 points by madospace ↗ HN
There are few obvious things like adding min-release-age, ignore-scripts and save-exact. What other practice we can follow to ensure we are minimizing the damage, especially with chained dependencies.

1 comment

[ 2.9 ms ] story [ 9.9 ms ] thread
Freezing the versions in package.json and generally not revisiting unless they have vulnerabilities or there's a compelling reason to update a specific package (which is rare).