New Crowdin translations by Github Action (#119)

github-actions[bot] · crowdin-bot · web-flow · commit b0ff03ea9094 · 2024-07-11T15:42:44.000+03:00
Co-authored-by: Crowdin Bot &lt;support+bot@crowdin.com&gt;
diff --git a/README_es.md b/README_es.md
@@ -338,6 +338,10 @@ La otra cara del uso de `npm-shrinkwrap.json` son las implicaciones de seguridad
 > 
 > Utilice el comando `npm shrinkwrap` para generar el archivo de bloqueo shrinkwrap, que tiene el mismo formato que el archivo `package-lock.json`.
 
+Another method for vendoring dependencies is to bundle them within the published package, which has the advantage of speeding up installations as it reduces the need to resolve dependencies as well as network requests and bandwidth for download, yet it comes with the disadvantages of being an opaque box for which it is difficult to analyze the dependency tree of the project and result in security tools like Snyk, not reporting vulnerabilities (because Snyk ignores `devDependencies` by default, to reduce noise for developers)
+- Packages are declared as `devDependencies`, so that the package managers will not find any production dependencies to install.
+- The [ncc](https://www.npmjs.com/package/@vercel/ncc) is used to compile a Node.js module into a single file with all of its dependencies in-lined.
+
 Referencias:
 
 - [¿Realmente sabes cómo funciona un archivo de bloqueo para paquetes de Yarn y npm?](https://snyk.io/blog/making-sense-of-package-lock-files-in-the-npm-ecosystem/)
diff --git a/README_zh-Hans.md b/README_zh-Hans.md
@@ -338,6 +338,10 @@
 > 
 > 使用 `npm shrinkwrap` 命令生成 shrinkwrap 锁定文件，其格式与`package-lock.json`文件的格式相同。
 
+Another method for vendoring dependencies is to bundle them within the published package, which has the advantage of speeding up installations as it reduces the need to resolve dependencies as well as network requests and bandwidth for download, yet it comes with the disadvantages of being an opaque box for which it is difficult to analyze the dependency tree of the project and result in security tools like Snyk, not reporting vulnerabilities (because Snyk ignores `devDependencies` by default, to reduce noise for developers)
+- Packages are declared as `devDependencies`, so that the package managers will not find any production dependencies to install.
+- The [ncc](https://www.npmjs.com/package/@vercel/ncc) is used to compile a Node.js module into a single file with all of its dependencies in-lined.
+
 参考文献：
 
 - [您真的知道锁文件如何处理 yarn 和 npm 软件包吗？](https://snyk.io/blog/making-sense-of-package-lock-files-in-the-npm-ecosystem/)

Original file line number	Diff line number	Diff line change
@@ -338,6 +338,10 @@ La otra cara del uso de `npm-shrinkwrap.json` son las implicaciones de seguridad
`338`	`338`	`>`
`339`	`339`	> Utilice el comando `npm shrinkwrap` para generar el archivo de bloqueo shrinkwrap, que tiene el mismo formato que el archivo `package-lock.json`.
`340`	`340`
	`341`	+Another method for vendoring dependencies is to bundle them within the published package, which has the advantage of speeding up installations as it reduces the need to resolve dependencies as well as network requests and bandwidth for download, yet it comes with the disadvantages of being an opaque box for which it is difficult to analyze the dependency tree of the project and result in security tools like Snyk, not reporting vulnerabilities (because Snyk ignores `devDependencies` by default, to reduce noise for developers)
	`342`	+- Packages are declared as `devDependencies`, so that the package managers will not find any production dependencies to install.
	`343`	`+- The [ncc](https://www.npmjs.com/package/@vercel/ncc) is used to compile a Node.js module into a single file with all of its dependencies in-lined.`
	`344`	`+`
`341`	`345`	`Referencias:`
`342`	`346`
`343`	`347`	`- [¿Realmente sabes cómo funciona un archivo de bloqueo para paquetes de Yarn y npm?](https://snyk.io/blog/making-sense-of-package-lock-files-in-the-npm-ecosystem/)`
Original file line number	Diff line number	Diff line change
`@@ -338,6 +338,10 @@`
`338`	`338`	`>`
`339`	`339`	> 使用 `npm shrinkwrap` 命令生成 shrinkwrap 锁定文件，其格式与`package-lock.json`文件的格式相同。
`340`	`340`
	`341`	+Another method for vendoring dependencies is to bundle them within the published package, which has the advantage of speeding up installations as it reduces the need to resolve dependencies as well as network requests and bandwidth for download, yet it comes with the disadvantages of being an opaque box for which it is difficult to analyze the dependency tree of the project and result in security tools like Snyk, not reporting vulnerabilities (because Snyk ignores `devDependencies` by default, to reduce noise for developers)
	`342`	+- Packages are declared as `devDependencies`, so that the package managers will not find any production dependencies to install.
	`343`	`+- The [ncc](https://www.npmjs.com/package/@vercel/ncc) is used to compile a Node.js module into a single file with all of its dependencies in-lined.`
	`344`	`+`
`341`	`345`	`参考文献：`
`342`	`346`
`343`	`347`	`- [您真的知道锁文件如何处理 yarn 和 npm 软件包吗？](https://snyk.io/blog/making-sense-of-package-lock-files-in-the-npm-ecosystem/)`