package-registries

Tag

Cards List
#package-registries

Dependencies should be fetched directly from VCS

Hacker News Top · yesterday Cached

The author argues that fetching dependencies directly from VCS (as done in Go) is more secure and easier to audit than using package registries with a publish step (as in Ruby, npm, PyPI).

0 favorites 0 likes
← Back to home

Submit Feedback