rene_mobile’s Twitter Archive—№ 7,377

  1. npm is such a security risk that its default use should already be considered negligent. However, this whole exercise highlights well why builds with explicit, documented, reproducible dependencies are so important for security. The default "download latest package" is just bad. @hmemcpy/1359478493386592267