Back in March of 2016 there was a rather large hiccup in the npm ecosystem. Basically, an author unpublished a prominent package that many projects happened to depend on. Cue mass panic as builds around the world started to fail. This post is not about the situation leading up to the removal, or the reasoning behind it, or even how npm could solve the issue in the future. Instead of dwelling on how the situation came to be, I'd rather focus on some practical solutions for how we can prevent an event like this from affecting us in production with the tools and methods available to us today.

The root of the problem comes from having to rely on a very large dependency graph that can go down dozens of levels and potentially receive updates without our explicit buy-in. How do we protect ourselves from a transitive dependency breaking 8 levels down the dependency graph? What if it's worse than merely a breaking change? What if a dependency was unpublished or, even more horrifying, pushed up a "patch" with malicious code? It could leave an entire local project in ruins. The following are a few ideas to handle this kind of situation with npm specifically.
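To make concrete how a floating version range admits an update nobody asked for, here is an added example (my own illustration, not code from the original post) that models npm-style resolution over a constructed chain of eight packages, each declaring the next with a caret range. The package names `dep-1` through `dep-8`, the registry contents, the "surprise patch" and the pinned-lock replay are all assumptions for illustration; the caret matcher is a deliberately minimal version of the real semver rules (it ignores pre-release tags and the `0.x` special cases).

```javascript
// Added example, not from the original post. Toy model of npm-style caret-range
// resolution over a transitive chain, showing (1) a newly published "patch" eight
// levels down being pulled in with no change to our own manifest, (2) an unpublish
// breaking resolution outright, and (3) a recorded {name: version} map replayed
// instead of re-evaluating ranges. All package names and versions are constructed.

const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
};

// Simplified caret semantics for versions >= 1.0.0: same major, at or above the floor.
// (Real semver additionally special-cases 0.x ranges and pre-release tags.)
function satisfiesCaret(range, version) {
  const floor = range.slice(1);
  return parse(version)[0] === parse(floor)[0] && cmp(version, floor) >= 0;
}

// Floating resolution: take the highest published version that satisfies the range.
function resolveFloating(registry, name, range) {
  const published = Object.keys(registry[name] || {});
  const candidates = published.filter((v) => satisfiesCaret(range, v)).sort(cmp);
  if (candidates.length === 0) throw new Error(`no version of ${name} satisfies ${range}`);
  return candidates[candidates.length - 1];
}

// Pinned resolution: replay a recorded lock map; never consult the ranges.
function resolvePinned(registry, lock, name) {
  const version = lock[name];
  if (!version) throw new Error(`${name} is not in the lock`);
  if (!registry[name] || !registry[name][version]) {
    throw new Error(`${name}@${version} is missing from the registry`);
  }
  return version;
}

// Walk the graph from the root manifest; `pick(name, range)` decides each version.
function resolveGraph(registry, rootDeps, pick) {
  const resolved = {};
  const stack = Object.entries(rootDeps);
  while (stack.length) {
    const [name, range] = stack.pop();
    if (resolved[name]) continue;
    const version = pick(name, range);
    resolved[name] = version;
    stack.push(...Object.entries(registry[name][version].dependencies || {}));
  }
  return resolved;
}

// Constructed registry: dep-1 -> dep-2 -> ... -> dep-8, every link a caret range.
function makeRegistry(depth = 8) {
  const registry = {};
  for (let i = 1; i <= depth; i++) {
    const deps = i < depth ? { [`dep-${i + 1}`]: '^1.0.0' } : {};
    registry[`dep-${i}`] = { '1.0.0': { dependencies: deps } };
  }
  return registry;
}

const rootDeps = { 'dep-1': '^1.0.0' }; // our manifest never changes below

// Scenario 1: baseline, everything resolves to 1.0.0.
function baseline() {
  const reg = makeRegistry();
  return resolveGraph(reg, rootDeps, (n, r) => resolveFloating(reg, n, r));
}

// Scenario 2: a "patch" appears 8 levels down (hypothetical malicious release);
// the next floating install silently picks it up.
function afterSurprisePatch() {
  const reg = makeRegistry();
  reg['dep-8']['1.0.1'] = { dependencies: {} };
  return resolveGraph(reg, rootDeps, (n, r) => resolveFloating(reg, n, r));
}

// Scenario 3: the deepest package is unpublished; floating resolution fails.
function afterUnpublish() {
  const reg = makeRegistry();
  delete reg['dep-8'];
  try {
    resolveGraph(reg, rootDeps, (n, r) => resolveFloating(reg, n, r));
    return 'resolved';
  } catch (e) {
    return e.message;
  }
}

// Scenario 4: record the graph once, then replay it; the surprise patch is ignored.
function pinnedAfterSurprisePatch() {
  const reg = makeRegistry();
  const lock = resolveGraph(reg, rootDeps, (n, r) => resolveFloating(reg, n, r));
  reg['dep-8']['1.0.1'] = { dependencies: {} };
  return resolveGraph(reg, rootDeps, (n) => resolvePinned(reg, lock, n));
}

console.log(JSON.stringify({
  baseline: baseline()['dep-8'],
  afterSurprisePatch: afterSurprisePatch()['dep-8'],
  afterUnpublish: afterUnpublish(),
  pinned: pinnedAfterSurprisePatch()['dep-8'],
}, null, 2));
```

The point of the last scenario is only that replaying a recorded graph removes the "updates without our buy-in" path; it does not protect against an unpublish (the replay fails too, but with a specific `dep-8@1.0.0 is missing` error rather than a silently different tree).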