
At my former job we had a private registry that was a mirror of npm’s with an approval gate for packages devs would request and it would always pin versions

I took that for granted back then and just assumed it was standard enterprise policy
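As an added example (not code from the commenter or any project mentioned in the thread), here is a small CI gate for the two policies described in the comment above: every dependency in package.json must be pinned to an exact version, and every entry in package-lock.json must resolve to the approved private mirror. The mirror URL and the sample package.json/lockfile below are constructed placeholders.

```javascript
// Assumed placeholder for the organisation's private npm mirror.
const APPROVED_REGISTRY = "https://npm-mirror.example.internal/";

// Exact semver only: no ^, ~, ranges, tags, URLs or aliases.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Lists dependencies whose spec is anything other than an exact pinned version.
function findUnpinned(packageJson) {
  const sections = ["dependencies", "devDependencies", "optionalDependencies"];
  const unpinned = [];
  for (const section of sections) {
    for (const [name, spec] of Object.entries(packageJson[section] || {})) {
      if (!EXACT_VERSION.test(spec)) unpinned.push(`${section}:${name}@${spec}`);
    }
  }
  return unpinned;
}

// Lists lockfile entries (lockfileVersion 2/3 "packages" map) whose "resolved"
// URL is missing or points somewhere other than the approved mirror.
function findForeignResolved(lockfile, registry = APPROVED_REGISTRY) {
  const foreign = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (path === "") continue; // root project entry carries no resolved URL
    if (entry.link) continue;  // workspace symlinks are local, not fetched
    if (typeof entry.resolved !== "string" || !entry.resolved.startsWith(registry)) {
      foreign.push(`${path} -> ${entry.resolved ?? "(no resolved url)"}`);
    }
  }
  return foreign;
}

// Constructed sample inputs standing in for the files CI would read from disk.
const samplePackageJson = {
  dependencies: { express: "4.18.2", lodash: "^4.17.21" },
  devDependencies: { jest: "latest" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app" },
    "node_modules/express": { resolved: "https://npm-mirror.example.internal/express/-/express-4.18.2.tgz" },
    "node_modules/lodash": { resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz" },
  },
};

// Returns both findings so a pipeline can fail the build when either list is non-empty.
function audit(pkg = samplePackageJson, lock = sampleLock) {
  return { unpinned: findUnpinned(pkg), foreign: findForeignResolved(lock) };
}
```

Run as a pre-merge step, a non-empty `unpinned` or `foreign` list means a dependency would be fetched outside the approval gate or could silently drift to a newer version.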



Multiple previous jobs had this too (local Packagist is a thing, Artifactory is another) but my current job got rid of theirs. Seemed a little short-sighted given the risks but I don't make the decisions.



