> Anyway didn't this replace versions, so locking won't have helped either? The ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jffry 3 months ago \| parent \| context \| favorite \| on: NPM debug and chalk packages compromised > Anyway didn't this replace versions, so locking won't have helped either? The lockfile includes a hash of the tarball, doesn't it?

Already__Taken 3 months ago [–]

It does, the answer to my question was no.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact