|
|
|
|
|
|
by fiddlerwoaroof
1866 days ago
|
|
|
You can solve the third problem by declaring a shell function `install` that is run at the send of the script. The first problem is a problem but, as far as I know, most language package managers don’t verify provenance anyway: yarn install foo can perform arbitrary side-effects either directly or through its transitive dependencies. |
|
|