I've been reading about the latest NPM madness with a gigantic bowl of popcorn in hand. 🍿 Who thought it would be a good idea for NPM to automatically "upgrade" dependencies to newer versions? Version pinning should be the default behavior, like other sane environments do (e.g. Java, Rust).
In fact, here's an angry rant comment I left in a JS-based build system about a year ago:
"Always explicitly pick versions for all JS dependencies!!
The Kotlin front-end plugin will warn us if we try to add a dependency without a version.
Don't ignore those warnings, you'll regret it later if you do.
Thankfully, the newest Kotlin/JS Gradle plugin uses yarn,
which will ossify dependency versions into a yarn.lock file.
Use the `backupYarnLock` Gradle task to export the dependency versions into source control."
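
A check for the rule in the quoted comment, as an added example that is not part of the original post: it walks a parsed package.json and reports every dependency whose version spec is not one exact version. The manifest is constructed sample data, and the function names are illustrative.

```javascript
// Added example (not from the post): find dependencies that are not pinned
// to one exact version in a parsed package.json object.

// Exact version: MAJOR.MINOR.PATCH with optional prerelease/build metadata.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
// Specs that bypass the registry; flagged separately for manual review.
const NON_REGISTRY = /^(git(\+\w+)?:|https?:|github:|file:|link:|workspace:)/;
// peerDependencies are left out: they are ranges by design.
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];

function classify(spec) {
  const s = String(spec).trim();
  if (EXACT.test(s)) return 'pinned';
  if (NON_REGISTRY.test(s)) return 'non-registry';
  // Alias form "npm:<name>@<spec>": judge the spec after the last "@".
  const alias = /^npm:.+@([^@]+)$/.exec(s);
  if (alias) return classify(alias[1]);
  // Everything else floats: ^1.2.3, ~1.2.3, 1.x, *, >=1, "latest", "".
  return 'range';
}

function findUnpinned(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const kind = classify(spec);
      if (kind !== 'pinned') findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample manifest (versions chosen for illustration only).
const SAMPLE = {
  name: 'constructed-example',
  dependencies: {
    'left-pad': '1.3.0',
    react: '^18.2.0',
    lodash: '~4.17.21',
    'my-lodash': 'npm:lodash@4.17.21',
  },
  devDependencies: {
    typescript: 'latest',
    tool: 'github:example/tool',
    webpack: '5.90.0-rc.1',
  },
};

for (const f of findUnpinned(SAMPLE)) {
  console.log(`${f.section}: ${f.name}@${f.spec} (${f.kind})`);
}
```

To audit a real project, pass `findUnpinned` the result of `JSON.parse` on its package.json and fail the build when the returned list is non-empty.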