Every dependency you add is a supply chain attack waiting to happen

4 points by benhoyt 46 days ago | 1 comment

ArcHound 46 days ago |

Yes, keep your dependencies low in numbers. No, don't turn off dependabot. Wait two weeks before updating. IIRC, there's a built-in feature for that.

ArcHound 46 days ago |

Yes, keep your dependencies low in numbers. No, don't turn off dependabot. Wait two weeks before updating. IIRC, there's a built-in feature for that.