undefined | Better HN

0 pointsAgentME1y ago0 comments

Deno and npm both store the hashes of all the dependencies you use in a lock file and verify them on future reinstalls.

0 comments

The lockfile is good, but I'm talking about this inline dependency syntax,

  # dependencies = ['requests', 'beautifulsoup4']

And likewise, Deno can import by URL. Neither include an integrity hash. For JS, I'd suggest

    import * as goodlib from 'https://verysecure.com/notmalicious.mjs' with { integrity="sha384-xxx" }

The Python/UV thing will have to come up with some syntax, I don't know what. Not sure if there's a precedent for attributes.

j / k navigate · click thread line to collapse

The lockfile is good, but I'm talking about this inline dependency syntax,

  # dependencies = ['requests', 'beautifulsoup4']

And likewise, Deno can import by URL. Neither include an integrity hash. For JS, I'd suggest

    import * as goodlib from 'https://verysecure.com/notmalicious.mjs' with { integrity="sha384-xxx" }

The Python/UV thing will have to come up with some syntax, I don't know what. Not sure if there's a precedent for attributes.

j / k navigate · click thread line to collapse