[erlang-questions] rebar3 dependencies
Motiejus Jakštys
desired.mta@REDACTED
Wed Mar 23 14:17:10 CET 2016
On Wed, Mar 23, 2016 at 1:47 PM, Roberto Ostinelli <roberto@REDACTED> wrote:
> On the subject on additional reasons to vendor dependencies:
> http://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/
This had to happen. :-)
I just woke up from a long sleep and submitted a feature request to
rebar3 for sha-locking the packages from hex.pm[1].
I know there are difficulties to make this happen, but, in the light
of recent events, maybe enough people will appreciate checksums of
their dependencies to make this a reality? :-)
Fred? Tristan?
Regards,
Motiejus
More information about the erlang-questions
mailing list