Not saying this is automatically a problem, but you *will* lose money over this.... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ucarion on Oct 4, 2020 \| parent \| context \| favorite \| on: A web of trust for NPM Not saying this is automatically a problem, but you will lose money over this. When a build dependency is unavailable or broken, you cannot create production artifacts. You'll lose money over this because broken builds lead to incidents, longer time-to-recovery during incidents, and slower development. All of these cost money. Your exposure to defects in your build dependencies will depend on a lot of factors, but the exposure will always be there.

striking on Oct 4, 2020 | [–]

Deps aren't unavailable or broken if I cache and pin them, and I do, because not having done so would have cost me a lot of time and money a long time ago.

tiglionabbit on Oct 4, 2020 | [–]

Then cache the dependencies you're using.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact