Every dependency you add is a supply chain attack waiting to happen (opens in new tab)

(benhoyt.com)

4 pointsbenhoyt1mo ago1 comments

1 comments

Yes, keep your dependencies low in numbers. No, don't turn off dependabot. Wait two weeks before updating. IIRC, there's a built-in feature for that.

j / k navigate · click thread line to collapse

Yes, keep your dependencies low in numbers. No, don't turn off dependabot. Wait two weeks before updating. IIRC, there's a built-in feature for that.

j / k navigate · click thread line to collapse