asdkkthrowaway 4 hours ago
Doesn't this just mean you're 90 days late on any patches?
moritzwarhier 3 hours ago
Auto-updating is bad. Scheduled, audited updates are good. Installing random npm packages as suggested here is also bad. Especially with "--global", although I'm not sure if that makes any difference because Node by default of course can access all of your file system.
beepbooptheory 4 hours ago
This article was on the front page recently that discusses the idea behind this: https://blog.yossarian.net/2025/11/21/We-should-all-be-using... Most of the time, you need quick patches because of fairly recent dependency changes, so if you just wait and kind of "debounce" your dependency updates, you can cover a lot of supply chain vulnerabilities etc.
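Added example, not part of any comment above or of the linked article: a minimal sketch of the cooldown ("debounce") idea the thread discusses, selecting the highest plain x.y.z version that has been published for at least N days and reporting what is still held back. The function names and sample publish times are constructed for illustration; the input is assumed to be a version-to-timestamp map shaped like the `time` field in npm registry metadata.

```javascript
// Added example: hypothetical names, constructed data.
const DAY_MS = 24 * 60 * 60 * 1000;

// Parse plain "x.y.z"; pre-releases and non-version keys return null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// publishTimes: { "1.2.3": ISO timestamp, ... }; now: epoch milliseconds.
function resolveWithCooldown(publishTimes, cooldownDays, now) {
  const eligible = [];
  const heldBack = [];
  for (const [version, iso] of Object.entries(publishTimes)) {
    const parsed = parseVersion(version);
    const published = Date.parse(iso);
    // Skips metadata keys such as "created" and any pre-release tags.
    if (!parsed || Number.isNaN(published)) continue;
    const ageDays = Math.floor((now - published) / DAY_MS);
    if (ageDays >= cooldownDays) {
      eligible.push({ version, parsed });
    } else {
      heldBack.push({ version, daysLeft: cooldownDays - ageDays });
    }
  }
  // Highest version wins, not the most recently published one (backports exist).
  eligible.sort((x, y) => compareVersions(y.parsed, x.parsed));
  return { install: eligible.length ? eligible[0].version : null, heldBack };
}

// Constructed sample: includes a backport (1.0.1) and a fresh patch (1.2.1).
const SAMPLE_TIMES = {
  created: "2025-01-10T00:00:00Z",
  "1.0.0": "2025-01-10T00:00:00Z",
  "1.1.0": "2025-06-01T00:00:00Z",
  "1.0.1": "2025-07-15T00:00:00Z",
  "1.2.0": "2025-11-20T00:00:00Z",
  "2.0.0-beta.1": "2025-11-22T00:00:00Z",
  "1.2.1": "2025-11-28T00:00:00Z",
};
const NOW = Date.parse("2025-12-01T00:00:00Z");
```

With this sample, a 7-day cooldown holds back only the three-day-old 1.2.1, while a 90-day cooldown also holds back 1.2.0; the `heldBack` list is what a scheduled, audited update would review for patches that should not wait.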