Y
Hacker News
new
|
ask
|
show
|
jobs
by
jacques_chester
1693 days ago
I think NPM should consider flipping the default on this. Code that
requires
an install script should be the odd case that draws scrutiny.
1 comments
salzig
1693 days ago
or, cause enabled is the default right now, it's way easier to spot malicious packages right now?
link
jacques_chester
1693 days ago
I disagree. We don't know how many such packages run installation scripts without noticeably breaking.
link