Interesting write-up! The whole discussion after colors.js/faker.js is interesting in my opinion, as is every discussion after dependency-related incidents. Most people seem to agree that something needs to be done; the problem is finding a solution that people can agree on...
Users that are interested in putting a "buffer" between new version releases and their own dependency supply chain can look into features like our delay on upstream versions: dev.to/sumstrm/update-dependencies...
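The "buffer" idea the comment above refers to, as an added example that is not part of the original comment and not sumstrm's own implementation: a minimal cool-down policy that only admits a dependency version once it has been public for a minimum number of days, so a freshly pushed (possibly sabotaged) release like the colors.js/faker.js ones is not picked up on the day it appears. The `time` map shape mirrors what an npm registry package document carries, but the package, versions and timestamps below are constructed; the pre-release handling is a deliberate simplification (pre-release tags are skipped rather than ordered).

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of the `time` map in an npm registry package document
# (version -> ISO-8601 publish timestamp). Versions and dates are made up.
SAMPLE_TIME_MAP = {
    "created": "2021-01-01T00:00:00.000Z",
    "modified": "2022-01-08T15:00:00.000Z",
    "1.4.0": "2021-03-10T12:00:00.000Z",
    "1.4.1": "2021-11-20T09:30:00.000Z",
    "1.4.2": "2022-01-08T15:00:00.000Z",   # the "just released" version
    "2.0.0-beta.1": "2022-01-05T00:00:00.000Z",
}


def parse_publish_time(stamp):
    """Parse the registry's timestamp format into an aware UTC datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S.%fZ").replace(
        tzinfo=timezone.utc
    )


def version_key(version):
    """Sort key for plain dotted-numeric versions.

    Returns None for the 'created'/'modified' entries and for pre-release
    tags, which this simplified example skips rather than orders.
    """
    parts = version.split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def eligible_versions(time_map, now, min_age_days):
    """Versions published at least min_age_days before `now`, oldest first."""
    cutoff = now - timedelta(days=min_age_days)
    found = []
    for version, stamp in time_map.items():
        key = version_key(version)
        if key is None:
            continue  # metadata keys and pre-releases are not candidates
        if parse_publish_time(stamp) <= cutoff:
            found.append((key, version))
    return [v for _, v in sorted(found)]


def select_version(time_map, now, min_age_days):
    """Newest version that has cleared the cool-down window, or None."""
    candidates = eligible_versions(time_map, now, min_age_days)
    return candidates[-1] if candidates else None


if __name__ == "__main__":
    # Evaluate the policy as of a fixed instant so the run is reproducible.
    now = datetime(2022, 1, 9, 12, 0, tzinfo=timezone.utc)
    for days in (0, 7, 300, 400):
        print(f"min age {days:>3} days -> {select_version(SAMPLE_TIME_MAP, now, days)}")
```

With a 7-day window the one-day-old 1.4.2 is held back and 1.4.1 is selected; with no window the newest release goes straight through, which is exactly the exposure the delay is meant to remove. A real integration would fetch the `time` map from the registry and pin the chosen version in the lockfile, and would still need a separate path for security patches that should bypass the wait.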