Mastodon Feed
slightlyoff@toot.cafe ("Alex Russell") wrote:
Per a conversation with a coworker, it turns out that one of my most unpopular opinions is that if you haven't read at least a large fraction of the code, you should not be adding it as a dep via NPM. Doubly so with transitive dependencies.