问HN:你们是如何确保NPM依赖的安全性的?

1作者: madospace大约 2 个月前原帖
有一些明显的做法,比如添加最小发布年龄(min-release-age)、忽略脚本(ignore-scripts)和保存精确版本(save-exact)。还有哪些其他的实践可以遵循,以确保我们在处理链式依赖时尽量减少损害呢?
查看原文
There are few obvious things like adding min-release-age, ignore-scripts and save-exact. What other practice we can follow to ensure we are minimizing the damage, especially with chained dependencies.