#integrity

Node Package Managers · Part 6 — Lockfiles, Determinism & Integrity

How resolution actually picks versions, what an SRI integrity hash guarantees, why Corepack pins the package manager per repo, and how lockfile poisoning attacks work.