[Node] Install packages correctly and avoid attacks
作者:互联网
Read Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
Yarn:
yarn install –immutable --immutable-cache --checkcache
to ensure matching packages are present.
Npm:
npm ci
to install matching packages without performing any upgrades.
Check NPM Scope.
And private package.
标签:Node,ci,install,attacks,immutable,--,Install,packages,matching 来源: https://www.cnblogs.com/Answer1215/p/14405779.html