corsicanguppy@lemmy.ca 4 weeks ago
This looks very nice.
Um, you know you’re supposed to keep dev tools in dev, right? Npm->commit->release payload without npm. Far fewer supply-chain exploits.
corsicanguppy@lemmy.ca 4 weeks ago
This looks very nice.
Um, you know you’re supposed to keep dev tools in dev, right? Npm->commit->release payload without npm. Far fewer supply-chain exploits.
mlunar@lemmy.world 4 weeks ago
Thanks! Hmm, not sure what you mean, that I shouldn’t install devDependencies when building the release? That’s a good point, I’ll need to look into it