nodejs/nodebestpractices
1
0
Fork 0
mirror of https://github.com/goldbergyoni/nodebestpractices.git synced 2025-11-02 19:18:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

removed the comma before and as mentioned in PR review

Browse Source
This commit is contained in:
Siddharth Goel
2020-08-21 00:34:23 +05:30
committed by Siddharth Goel
parent a6de46da68
commit 1ec1a0ce56
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -1103,7 +1103,7 @@ Bear in mind that with the introduction of the new V8 engine alongside the new E
## ![✔] 8.3. Remove development dependencies ## ![✔] 8.3. Remove development dependencies
**TL;DR:** Although Dev-Dependencies are sometimes needed during the build and test life-cycle, eventually the image that is shipped to production should be minimal and clean from development dependencies. Doing so guarantees that only necessary code is shipped, and the amount of potential attacks (i.e. attack surface) is minimized. When using multi-stage build (see dedicated bullet) this can be achieved by installing all dependencies first and finally running 'npm ci --production' **TL;DR:** Although Dev-Dependencies are sometimes needed during the build and test life-cycle, eventually the image that is shipped to production should be minimal and clean from development dependencies. Doing so guarantees that only necessary code is shipped and the amount of potential attacks (i.e. attack surface) is minimized. When using multi-stage build (see dedicated bullet) this can be achieved by installing all dependencies first and finally running 'npm ci --production'
**Otherwise:** Many of the infamous npm security breaches were found within development packages **Otherwise:** Many of the infamous npm security breaches were found within development packages