You're probably already planning this, but please set up an alarm to fire off if a new package release is published that is not correlated with a CI/CD run.
This is built into NPM. You can get an email on every pkg publishing.
Sure, it might be a little bit of noise, but if you get a notice @ 3am of an unexpected publishing, you can jump on unpublishing it.
Very nice way of putting it, kudos!
Or require manual intervention to publish a new package. I'm not sure why we need to have a fully automated pipeline here to go from CI/CD to public package release. It seems like having some kind of manual user interaction to push a new version of a library would be a good thing.