Hacker News

Am I the only one who thinks running scripts on a site directly from npm is a bad idea? What happens when an incompatible change in any of the dependencies is pushed? What if a package owner has transferred his ownership and the new owner pushes whatever he wants?



Using unpkg.com as an example, they redirect from the root URL of a package to the latest version. For instance, https://unpkg.com/mithril will redirect to https://unpkg.com/mithril@1.1.4/mithril.js

For example, if adding a URL on https://flems.io, it will store the xhr.responseURL to take advantage of this to pin the version. I would guess Scrimba does something similar?


Wow, so you auto-pin, that's great!


For one-off examples it is just convenient. For a long-lasting demo, it would be wise to pin the versions.
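
The auto-pinning discussed in this thread, as an added example that is not part of any comment and is not Flems' or unpkg's own code. The function names and the assumed unpkg-style path layout (`/[@scope/]name[@version][/file]`) are illustrative; the sample URLs are the ones quoted above.

```javascript
// Exact semver only: tags ("latest") and partial versions ("1") are not pins.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Split an unpkg-style URL into origin, package name, version and file path.
function parsePackageUrl(url) {
  const { origin, pathname } = new URL(url);
  const m = /^\/((?:@[^/@]+\/)?[^/@]+)(?:@([^/]+))?(\/.*)?$/.exec(pathname);
  if (!m) throw new Error(`not a package URL: ${url}`);
  return { origin, name: m[1], version: m[2] || null, file: m[3] || '' };
}

// A URL is pinned only if it names one exact version.
function isPinned(url) {
  const { version } = parsePackageUrl(url);
  return version !== null && EXACT_VERSION.test(version);
}

// Decide which URL to store, given the URL the user typed and the URL the
// redirect chain ended on (xhr.responseURL, or response.url with fetch).
function pinFromRedirect(requestedUrl, responseUrl) {
  if (isPinned(requestedUrl)) return requestedUrl; // already exact
  const req = parsePackageUrl(requestedUrl);
  const res = parsePackageUrl(responseUrl);
  // Do not store a redirect that left the CDN or switched to another package.
  if (res.origin !== req.origin || res.name !== req.name) {
    throw new Error(`unexpected redirect: ${requestedUrl} -> ${responseUrl}`);
  }
  // A redirect that still ends on a tag or range would keep floating.
  if (!isPinned(responseUrl)) {
    throw new Error(`redirect target is not an exact version: ${responseUrl}`);
  }
  return responseUrl;
}

// Constructed sample: the redirect quoted in the thread.
const stored = pinFromRedirect(
  'https://unpkg.com/mithril',
  'https://unpkg.com/mithril@1.1.4/mithril.js'
);
console.log(stored);
```

Pinning this way addresses the incompatible-change concern; it fixes the version that is loaded, not the bytes the CDN serves for it.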



