Add resource "Should you Pin your JavaScript Dependencies?" Accepted
Changes: 4
Add Should you Pin your JavaScript Dependencies?
- Title
-
- Unchanged
- Should you Pin your JavaScript Dependencies?
- Type
-
- Unchanged
- Blog post
- Created
-
- Unchanged
- 2018-01-19
- Description
-
- Unchanged
- The pros and cons of dependency pinning for JavaScript/npm
- Link
-
- Unchanged
- https://docs.renovatebot.com/dependency-pinning/
- Identifier
-
- Unchanged
- no value
Resource | v1 | current (v1)
Add Dependency pinning
- Title
-
- Unchanged
- Dependency pinning
- Description
-
- Unchanged
- The practice of “pinning dependencies” refers to making explicit the versions of software your application depends on (defining the dependencies of new software libraries is outside the scope of this document). Dependency pinning takes different forms in different frameworks, but the high-level idea is to “freeze” dependencies so that deployments are repeatable. Without this, we run the risk of executing different software whenever servers are restaged, a new team-member joins the project, or between development and production environments. In addition to repeatability, pinning dependencies allows automatic notification of vulnerable dependencies via static analysis. As such, all deployed applications should be pinning their library (and where possible: language, OS, etc.) versions.
- Link
-
- Unchanged
- https://before-you-ship.18f.gov/infrastructure/pinning-dependencies/
Topic | v1 | current (v1)
Add Dependency pinning treated in Should you Pin your JavaScript Dependencies?
- Current
- treated in
Topic to resource relation | v1
Add Computer programming parent of Dependency pinning
- Current
- parent of
Topic to topic relation | v1