At my former job we had a private registry that was a mirror of npm’s with an approval gate for packages devs would request and it would always pin versions
I took that for granted back then and just assumed it was standard enterprise policy
Multiple previous jobs had this too (local Packagist is a thing, Artifactory is another) but my current job got rid of theirs. Seemed a little short-sighted given the risks but I don't make the decisions.
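The two controls the thread describes (a private mirror as the only allowed registry, and dependencies pinned to exact versions) can be checked on the client side as well as at the gate. The script below is an added example, not code from any commenter or from any registry product: it flags `package.json` entries that are not exact versions (ranges, dist-tags, git refs) and flags any `registry=` or `@scope:registry=` line in an `.npmrc` that points somewhere other than the approved mirror. The hostname `npm.mirror.example.internal`, the sample manifest and the sample `.npmrc` are all constructed for illustration.

```javascript
// Added example: client-side checks for the "private mirror + pinned versions"
// policy discussed in the thread. All sample data below is constructed.

// A spec counts as pinned only if it is an exact semver version. Ranges
// (^, ~, >=, x), dist-tags ("latest") and git/URL specs can all resolve to
// different code on a later install, so they are rejected.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function isPinned(spec) {
  return typeof spec === "string" && EXACT_SEMVER.test(spec.trim());
}

// Walk every dependency section of a parsed package.json and return the
// entries that violate the pin-only policy.
function findUnpinned(manifest) {
  const sections = ["dependencies", "devDependencies", "optionalDependencies"];
  const violations = [];
  for (const section of sections) {
    const deps = manifest[section] || {};
    for (const [name, spec] of Object.entries(deps)) {
      if (!isPinned(spec)) violations.push({ name, spec, section });
    }
  }
  return violations;
}

// Parse registry settings out of an .npmrc body and return every registry
// whose hostname is not the approved mirror. Both the default "registry" key
// and scoped "@scope:registry" keys are considered, since a single scoped
// override is enough to pull packages straight from the public registry.
function findForeignRegistries(npmrcText, approvedHost) {
  const foreign = [];
  for (const raw of npmrcText.split("\n")) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const eq = line.indexOf("=");
    if (eq === -1) continue;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim();
    if (key !== "registry" && !key.endsWith(":registry")) continue;
    let host = null;
    try { host = new URL(value).hostname; } catch (e) { host = null; }
    if (host !== approvedHost) foreign.push({ key, value });
  }
  return foreign;
}

// Constructed sample manifest mixing pinned and unpinned specs.
const SAMPLE_MANIFEST = {
  name: "example-app",
  dependencies: {
    "express": "4.18.2",                     // pinned
    "lodash": "^4.17.21",                    // caret range: floats to newer minors
    "chalk": "latest",                       // dist-tag: whatever is newest at install time
    "left-pad": "1.3.0",                     // pinned
    "some-lib": "github:acme/some-lib#main"  // git branch ref: mutable
  },
  devDependencies: {
    "jest": "~29.7.0"                        // tilde range
  }
};

// Constructed .npmrc: default registry is the mirror, but one scope leaks out.
const APPROVED_MIRROR_HOST = "npm.mirror.example.internal"; // assumed hostname
const SAMPLE_NPMRC = `
# default registry points at the private mirror
registry=https://npm.mirror.example.internal/
@acme:registry=https://npm.mirror.example.internal/
@thirdparty:registry=https://registry.npmjs.org/
`;

// Print findings and return the total number of policy violations.
function report(manifest, npmrcText, approvedHost) {
  const unpinned = findUnpinned(manifest);
  const foreign = findForeignRegistries(npmrcText, approvedHost);
  for (const v of unpinned) {
    console.log(`UNPINNED ${v.section}.${v.name}: "${v.spec}"`);
  }
  for (const r of foreign) {
    console.log(`FOREIGN REGISTRY ${r.key}=${r.value}`);
  }
  if (unpinned.length + foreign.length === 0) {
    console.log("OK: all dependencies pinned and all registries point at the mirror");
  }
  return unpinned.length + foreign.length;
}

report(SAMPLE_MANIFEST, SAMPLE_NPMRC, APPROVED_MIRROR_HOST);
```

In a real setup the same check belongs in CI so that a pull request that widens a version range or adds a scoped registry override fails before it merges; the lockfile should be checked the same way, since `npm install` honours the lockfile's resolved URLs, not just the manifest.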