Great summary article. The missing point is about dependency version management.
NPM modules suffer from the ~ ^ in the version numbers. Although semver may enforce no changes in the dependencies' API, their devs are humans too and may break things.
Therefore, we should enforce module managers to "hardcode" the dependency version. This would also be a step towards reproducible builds.
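To make the point about ~ and ^ concrete, here is an added example (not part of the original comment, and not npm's own resolver): a minimal JavaScript model of npm's caret and tilde range semantics, run against two constructed snapshots of a registry. The package names, version lists and the `unpinned` lint helper are all assumptions made for illustration; the only real behaviour it mirrors is that `npm install` without a lockfile takes the highest published version inside the range.

```javascript
// Added example: a minimal resolver for npm-style "^" and "~" ranges, used to
// show why a floating range can pick a different version once the registry
// changes, while an exact pin cannot. Registry contents are constructed data.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3] };
}

// Numeric comparison of two "x.y.z" strings (negative, zero, positive).
function compare(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  return pa.major - pb.major || pa.minor - pb.minor || pa.patch - pb.patch;
}

// True if candidate version `v` satisfies specifier `spec`.
// Supports exact ("1.2.3"), caret ("^1.2.3") and tilde ("~1.2.3") forms only.
function satisfies(v, spec) {
  const op = spec[0] === '^' || spec[0] === '~' ? spec[0] : '';
  const floor = op ? spec.slice(1) : spec;
  const base = parseVersion(floor);
  const c = parseVersion(v);
  if (compare(v, floor) < 0) return false;                // below the floor
  if (op === '') return compare(v, floor) === 0;          // exact pin
  if (op === '~') return c.major === base.major && c.minor === base.minor;
  // caret: same major; for 0.x.y the minor is the compatibility boundary,
  // for 0.0.z the patch is (npm semantics)
  if (base.major > 0) return c.major === base.major;
  if (base.minor > 0) return c.major === 0 && c.minor === base.minor;
  return c.major === 0 && c.minor === 0 && c.patch === base.patch;
}

// Highest published version satisfying the specifier, as an unlocked
// install would choose it.
function resolve(spec, published) {
  const ok = published.filter(v => satisfies(v, spec)).sort(compare);
  return ok.length ? ok[ok.length - 1] : null;
}

// Lint helper (assumption, not an npm feature): names of dependencies in a
// package.json-style map whose specifier is not an exact version.
function unpinned(deps) {
  return Object.entries(deps)
    .filter(([, spec]) => !/^\d+\.\d+\.\d+$/.test(spec))
    .map(([name]) => name);
}

// Constructed registry snapshots: the same range, two points in time.
const registryMonday = ['1.2.3', '1.2.4', '1.3.0'];
const registryFriday = ['1.2.3', '1.2.4', '1.3.0', '1.3.1', '2.0.0']; // 1.3.1 appeared mid-week

function demo() {
  return {
    caretMonday: resolve('^1.2.3', registryMonday),  // 1.3.0
    caretFriday: resolve('^1.2.3', registryFriday),  // 1.3.1: the build drifted
    tildeFriday: resolve('~1.2.3', registryFriday),  // 1.2.4
    pinnedFriday: resolve('1.2.3', registryFriday),  // 1.2.3: unchanged
    lint: unpinned({ 'pkg-a': '^1.2.3', 'pkg-b': '~0.4.1', 'pkg-c': '4.17.21' }),
  };
}

console.log(demo());
```

The `demo()` output is the whole argument in one object: the same `^1.2.3` specifier resolves to `1.3.0` on Monday and `1.3.1` on Friday with no change to the project, whereas the exact `1.2.3` resolves identically on both days. A committed lockfile gives the same stability without editing every specifier by hand, and a lint like `unpinned` is a cheap CI gate for whichever policy a team adopts.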