Since md2, md5, sha1 hashing mechanisms are deprecated for iOS 13 and are not considered safe.
Why are we having it in integrity in dependencies in yarn.lock file.
"@types/redux-thunk@^2.1.0":
version "2.1.0"
resolved "https://registry.yarnpkg.com/@types/redux-thunk/-/redux-thunk-2.1.0........"
integrity sha1-vCtulylhgxr7gq.......
dependencies:
redux-thunk "*"
Is it safe to use for development?
Because not all packages have sha512 integrity hashes available. New(er) packages do, older packages might not.
Yes, I'd say so. I think it's very, very unlikely that anyone could concoct a malicious package file that would both be a valid package and have a SHA1 hash collision with the original.