Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
whilenot-dev
9mo ago
0 comments
Save
Share
To add to this: the hash in the lock file is the checksum of the published tarball, not the commit hash.
0 comments
1 comments · 1 top-level
top
newest
oldest
cluckindan
9mo ago
And then someone runs `npm install` on their CI
j
/
k
navigate · click thread line to collapse
