
If each package vendors its own deps, when the dep has a security vulnerability and needs an upgrade you need to hunt down every last location it exists in, instead of updating the single shared system dep and being done with it.



We just need better tooling for upgrading the individual locations. Something like GitHub's Dependabot.



