Integrity checking & lock files https://deno.land/manual@v1.9.0/linking_to_exter... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tlrobinson on April 14, 2021 \| parent \| context \| favorite \| on: Deno 1.9 Integrity checking & lock files https://deno.land/manual@v1.9.0/linking_to_external_code/int... The same problem (and solution: package-lock.json or yarn.lock) exists in npm if you use semver version specifiers, or npm itself could be hacked, it’s just a bit more acute in Deno since it’s easy and common to load files from arbitrary hosts that don’t enforce immutable versions.

nikisweeting on April 15, 2021 [–]

npm has a lot more to lose from being hacked than some random URL, I trust npm with my packages because they fix stuff when something like left-pad happens, the same is not true for every URL I'd have to import to build a deno package.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact