undefined | Better HN

0 pointsMortyWaves1y ago0 comments

Surely there has to be better ways of “vendoring” (including hosting your own package repository that doesn’t automatically pull new versions) than adding thousands or maybe tens of thousands of files to the git repo?

0 comments

xdennis1y ago

If my podcast memory serves, that's how Isaac (the NPM guy) said it was intended.

You would `npm install` and then `git commit`. That's why npm didn't have a lock file back then. Git was the lock file.

compootr1y ago

if it's dumb and it works it isn't dumb!

another rather simple solution is a git mirror of each package, then point npm to a git url

guappa1y ago

On debian I do debdiff to see the differences between two source packages.

j / k navigate · click thread line to collapse