corsicanguppy@lemmy.ca 3 days ago
This looks very nice.
Um, you know you’re supposed to keep dev tools in dev, right? Npm->commit->release payload without npm. Far fewer supply-chain exploits.
corsicanguppy@lemmy.ca 3 days ago
This looks very nice.
Um, you know you’re supposed to keep dev tools in dev, right? Npm->commit->release payload without npm. Far fewer supply-chain exploits.
mlunar@lemmy.world 3 days ago
Thanks! Hmm, not sure what you mean, that I shouldn’t install devDependencies when building the release? That’s a good point, I’ll need to look into it