re: He Commits Vendor! 😱 VIEW POST

TOP OF THREAD FULL DISCUSSION
re: On my personal projects I don't really bother with this. However, you only have to look at the NPM "leftpad" debacle to see why I ALWAYS do this in...
 

Yeah, at the very least, I feel like making sure you commit the dependencies for major versions of your final product is important. I don't feel like we should assume composer.json or package.json will even be enough 5 years from now. Online services come and go at a moment's notice.

code of conduct - report abuse