On Tue, Oct 5, 2021 at 12:29 PM Konrad Weihmann <kweihmann@outlook.com> wrote:

> While personally I think in the long run, every npm dependency has to be
> provided as a recipe of its own (even I know the costs of that pretty
> well)... esp when CVE checking and basic packaging hygiene should be
> enforced.

Emphatically agree. The "stuff it all into one recipe" npm approach is very broken.

..Ch:W..


--
"Perfection must be reached by degrees; she requires the slow hand of time." - Voltaire