Hacker News
by minitech 3733 days ago
No, because it can just sit in the background and wait until you type your passphrase at some point. As soon as you run malicious code, it’s all over; no workarounds.

It would be nice if npm didn’t run arbitrary install scripts by default…
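
As an added illustration (not part of minitech's comment): npm records in `package-lock.json` which dependencies declare install-time scripts, so they can be listed for review before anything runs. The function name and the sample lockfile below are constructed for this example, and it assumes a lockfile of `lockfileVersion` 2 or 3.

```javascript
// Added example: list lockfile entries that npm marks as having install-time scripts.
// Assumption: lockfileVersion 2 or 3, where each entry under "packages" carries
// "hasInstallScript": true if it declares a preinstall, install or postinstall script.

function packagesWithInstallScripts(lockfileText) {
  const lock = JSON.parse(lockfileText);
  if (!lock.packages || typeof lock.packages !== 'object') {
    // lockfileVersion 1 has no "packages" map, so the flag is not recorded there.
    throw new Error('lockfile has no "packages" map (need lockfileVersion 2 or 3)');
  }
  const marker = 'node_modules/';
  const found = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    // The '' key is the root project itself; only dependencies are of interest here.
    if (path === '' || entry.hasInstallScript !== true) continue;
    // The key is the install path; the package name follows the last node_modules/.
    const i = path.lastIndexOf(marker);
    const name = entry.name || (i === -1 ? path : path.slice(i + marker.length));
    found.push({ name, version: entry.version, path, dev: entry.dev === true });
  }
  // Plain code-unit ordering keeps the output stable across locales.
  return found.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

// Constructed sample lockfile (hypothetical package names), not taken from a real project.
const SAMPLE_LOCKFILE = JSON.stringify({
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/left-helper': { version: '2.1.0' },
    'node_modules/native-thing': { version: '0.4.2', hasInstallScript: true },
    'node_modules/left-helper/node_modules/@scope/build-step': {
      version: '1.0.3', dev: true, hasInstallScript: true,
    },
  },
});

for (const p of packagesWithInstallScripts(SAMPLE_LOCKFILE)) {
  console.log(`${p.name}@${p.version}${p.dev ? ' (dev)' : ''}  ${p.path}`);
}
```

Running `npm install --ignore-scripts`, or setting `ignore-scripts=true` in `.npmrc`, skips these scripts at install time.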