Great summary article. The missing point is about the dependencies version management.
NPM modules suffer from the ~ ^ in the version numbers. Although semver may enforce no changes in the dependencies api, their devs are humans too and may break things.
Therefore, we should enforce module managers to "hardcode" the dependency version. This would also be a step towards reproduceable builds.
Top comments (3)
Great summary article. The missing point is about the dependencies version management.
NPM modules suffer from the ~ ^ in the version numbers. Although semver may enforce no changes in the dependencies api, their devs are humans too and may break things.
Therefore, we should enforce module managers to "hardcode" the dependency version. This would also be a step towards reproduceable builds.
yarn init
?npm init
?Yeah, if you start from scratch, you should npm init :)
ButI assume, you already have a package.json
However, npm init also does not cover all important fields.