Skip to content
Better HN
Top
New
Best
Ask
Show
Jobs
Search
⌘K
0 points
yoavm
4mo ago
0 comments
Share
If you started your Node project yesterday, wouldn't that mean you'd get the fix later?
0 comments
default
newest
oldest
flexd
4mo ago
no, because if you used dependency cooldown you wouldn't be using the latest version when you start your project, you would be using the one that is <cooldown period> days/versions old
edit: but if that's also compromised earlier... \o/
cluckindan
4mo ago
Obviously you bypass the cooldown to fix critical issues.
j
/
k
navigate · click thread line to collapse
undefined | Better HN
