On my personal projects I don't really bother with this.
However, you only have to look at the NPM "leftpad" debacle to see why I ALWAYS do this in professional projects for a company.
I've had multiple times in my career where I need to update an old project that hasn't been touched in years, that has a dependency that is no longer available (easily) online.
It seems to be a good reason.
Thx!
Yeah, at the very least, I feel like making sure you commit the dependencies for major versions of your final product is important. I don't feel like we should assume composer.json or package.json will even be enough 5 years from now. Online services come and go at a moment's notice.