[erlang-questions] rebar3 dependencies

Motiejus Jakštys <>
Wed Mar 23 14:17:10 CET 2016


On Wed, Mar 23, 2016 at 1:47 PM, Roberto Ostinelli <> wrote:
> On the subject on additional reasons to vendor dependencies:
> http://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/

This had to happen. :-)

I just woke up from a long sleep and submitted a feature request to
rebar3 for sha-locking the packages from hex.pm[1].

I know there are difficulties to make this happen, but, in the light
of recent events, maybe enough people will appreciate checksums of
their dependencies to make this a reality? :-)

Fred? Tristan?

Regards,
Motiejus


More information about the erlang-questions mailing list