Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
fault1
on Jan 11, 2022
|
parent
|
context
|
favorite
| on:
What NPM should do to stop a new colors attack
however, I think the more common case is that they set it to the latest bounded by a minor or patch version (as opposed to a major version) as defined by semvar.
at least that seems to be quite common in the npm/js world.
Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
at least that seems to be quite common in the npm/js world.