Pinhead77@piefed.social to Selfhosted@lemmy.world • 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE · English · 1 month ago

You can use pnpm instead of npm. pnpm has a “Delay dependency updates” feature where you can install package versions that are x old only.

See https://pnpm.io/supply-chain-security#delay-dependency-updates

Edit: I just found out that this can also be specified in npm and yarn: https://gist.github.com/mcollina/b294a6c39ee700d24073c0e5a4e93104

Pinhead77@piefed.social to PeerTube@lemmy.wtf · English · 6 months ago

In my opinion, this is the biggest problem preventing PeerTube from becoming a true alternative to YouTube