illegalcode.net

Dependency cooldowns are unfair; we should use phased rollouts instead (opens in new tab)

Covers 3 stories See all stories this covers including We should all be using dependency cooldownsCovered by ruanyifeng.com, ervin.ipsquad.netDiscussed on Hacker News and Lobsters

It was a sunny morning in Melbourne on March 31st. Developers starting their workday were sipping their flat whites as they waited for npm install to finish. You know the rest of this story. The Axios supply chain compromise was live from 00:21 to 03:15 UTC and disproportionately hit the eastern hemisphere. In the aftermath, the quiet calls for dependency cooldowns almost overnight became industry best practice.

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Covered in 2 articles

ervin.ipsquad.net·

Web Review, Week 2026-21

Feeds

In other languages

ruanyifeng.com·

科技爱好者周刊(第 398 期):Token 费用难以负担

Feeds

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help