You can do that with NPM if you pin your dependencies to exact versions, which is the same solution that you would use for any other package manager, and basically what Debian and other Linux distros do for you. I don't know why you think this problem is somehow unique to NPM or the JavaScript ecosystem.
And yet, somehow Debian isn't in the news every few months. There's a fundamental difference in culture, for one. But the fundamental difference in approach is there, too. Debian packages are vetted. npm packages are not.