christophilus 3 days ago | on: Do any languages specify package requirements in i...
The difference is that you have a single file to audit with npm. With Deno, any file in your codebase might pull in a dependency.
flohofwoe 3 days ago
Which isn't really a problem for simple one-file 'shell scripts'. For bigger projects, Deno already suggested maintaining all external imports in a central file.
iforgot22 3 days ago
That assumes someone is actually auditing the npm deps.
feross 3 days ago
It’s trivial to audit your dependencies with https://socket.dev
Disclosure: I’m the founder.
iforgot22 2 days ago
Despite the ease of auditing services, there are notoriously a lot of devs using unaudited deps. Maybe they don't even think about it, unfortunately.
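An added example, not part of the thread or any commenter's code: a sketch of the audit the first two comments contrast, listing every remote import in a Deno-style codebase by file and flagging those made outside a central file. The central file name `deps.ts`, the sample sources, the set of remote schemes and the function names are assumptions.

```javascript
// Constructed sample project (path -> source text); not from the thread.
const SAMPLE = {
  "deps.ts": 'export { serve } from "https://deno.land/std@0.224.0/http/server.ts";\n',
  "main.ts": 'import { serve } from "./deps.ts";\nimport chalk from "npm:chalk@5";\n',
  "util/lazy.ts":
    'export async function load() {\n  return await import("https://esm.sh/lodash@4.17.21");\n}\n',
};

// Specifier schemes counted as external dependencies (assumption).
const REMOTE = /^(?:https?:\/\/|npm:|jsr:)/;

// Heuristic, not a parser: matches `import ... from "x"`, `export ... from "x"`,
// bare `import "x"` and dynamic `import("x")` with a literal string. It can
// over-report (e.g. import text inside comments), which is acceptable for an inventory.
const IMPORT_RE =
  /(?:\bimport\s*\(\s*|\b(?:import|export)\s+(?:[^'"]*?\sfrom\s*)?)(['"])([^'"]+)\1/g;

// Returns [{ spec, files }] for every remote specifier, sorted by specifier.
function remoteImports(files) {
  const byDep = new Map(); // specifier -> Set of files importing it
  for (const [path, src] of Object.entries(files)) {
    for (const m of src.matchAll(IMPORT_RE)) {
      const spec = m[2];
      if (!REMOTE.test(spec)) continue; // relative/local import, skip
      if (!byDep.has(spec)) byDep.set(spec, new Set());
      byDep.get(spec).add(path);
    }
  }
  return [...byDep.entries()]
    .map(([spec, paths]) => ({ spec, files: [...paths].sort() }))
    .sort((a, b) => (a.spec < b.spec ? -1 : a.spec > b.spec ? 1 : 0));
}

// Remote imports made anywhere other than the central file: the places an
// auditor reading only that file would miss.
function strayImports(files, central = "deps.ts") {
  return remoteImports(files)
    .map((d) => ({ spec: d.spec, files: d.files.filter((f) => f !== central) }))
    .filter((d) => d.files.length > 0);
}

console.log(JSON.stringify(strayImports(SAMPLE), null, 2));
```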