Hello @lirantal!
I'd like to make a suggestion regarding section 6: Avoid blind npm package upgrades. While the npm-check-updates package is a great tool, I recommend promoting the built-in features offered by package managers. In many cases, when managing dependency updates interactively, it may be preferable to avoid installing external tools in order to reduce attack vectors.
Examples of interactive update commands:
PNPM:
pnpm update --interactive
Reference: https://pnpm.io/cli/update#--interactive--i
Yarn:
Reference: https://yarnpkg.com/cli/upgrade-interactive
Bun:
Reference: https://bun.com/docs/pm/cli/update#interactive
What do you think?
Thank you for this amazing repository.