You don’t need the latest npm package of everything

Run everything in containers

Don’t install anything that is less than 7/14/X days old

Sign all packages published with a private key

Complain if a package you depend on has changed its signing key

Only install packages that have been signed by 2/3/X other people
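
The minimum-age rule above, as an added example (not code from the original post): it picks the newest stable version whose publish timestamp in the npm registry's `time` map is at least N days old. The packument is constructed sample data, and the function names are hypothetical.

```javascript
// Constructed sample in the shape of an npm registry packument
// (the "time" map records when each version was published).
const samplePackument = {
  name: "example-lib", // constructed package name
  "dist-tags": { latest: "2.1.0" },
  time: {
    created: "2023-01-10T09:00:00.000Z",
    modified: "2024-06-01T12:00:00.000Z",
    "1.0.0": "2023-01-10T09:00:00.000Z",
    "2.0.0": "2024-03-02T08:30:00.000Z",
    "2.0.1": "2024-05-20T15:45:00.000Z",
    "2.1.0": "2024-06-01T12:00:00.000Z",
  },
};

const DAY_MS = 24 * 60 * 60 * 1000;

// Accept only plain x.y.z; this skips prereleases and the created/modified keys.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

// Hypothetical helper: newest stable version published at least minAgeDays before `now`.
function newestAgedVersion(packument, minAgeDays, now = new Date()) {
  const cutoff = now.getTime() - minAgeDays * DAY_MS;
  const eligible = [];
  for (const [version, published] of Object.entries(packument.time || {})) {
    const parsed = parseVersion(version);
    const ts = Date.parse(published);
    if (!parsed || Number.isNaN(ts) || ts > cutoff) continue; // too new or unusable
    eligible.push({ version, parsed });
  }
  // Sort descending by major, minor, patch.
  eligible.sort((a, b) => b.parsed[0] - a.parsed[0] || b.parsed[1] - a.parsed[1] || b.parsed[2] - a.parsed[2]);
  return eligible.length ? eligible[0].version : null;
}

// Report whether the "latest" dist-tag is still inside the quarantine window.
function checkLatest(packument, minAgeDays, now) {
  const latest = packument["dist-tags"].latest;
  const allowed = newestAgedVersion(packument, minAgeDays, now);
  return { latest, allowed, blocked: latest !== allowed };
}

const report = checkLatest(samplePackument, 7, new Date("2024-06-05T00:00:00Z"));
console.log(report);
```

The version returned in `allowed` is the one to pin exactly in `package.json` until `latest` has aged past the window.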


I really like building stuff with React.js and Docker and also Meetups ❤

Kevin Simper

