by Bjartr 893 days ago
One issue is npm will allow arbitrary code to execute as part of an install script for a package, which allows a class of attacks that aren't possible in the Maven world.
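A defender's view of the point in the comment above, as an added example that is not part of the original thread: a Node.js script that walks a `node_modules` tree and lists every dependency whose manifest declares a `preinstall`, `install` or `postinstall` script. The package names and commands in the sample tree are constructed for illustration.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// Lifecycle scripts that npm runs automatically when a dependency is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Return [{ hook, command }] for one parsed package.json object.
function installHooks(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  return INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string")
    .map((h) => ({ hook: h, command: scripts[h] }));
}

// Walk a node_modules directory, descending into @scope folders and nested node_modules.
function scanNodeModules(dir, findings = []) {
  if (!fs.existsSync(dir)) return findings;
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    if (!entry.isDirectory() || entry.name.startsWith(".")) continue;
    const pkgDir = path.join(dir, entry.name);
    if (entry.name.startsWith("@")) { scanNodeModules(pkgDir, findings); continue; }
    const manifestPath = path.join(pkgDir, "package.json");
    if (fs.existsSync(manifestPath)) {
      let manifest = {};
      try { manifest = JSON.parse(fs.readFileSync(manifestPath, "utf8")) || {}; }
      catch (e) { /* unparsable manifest: no hooks to report */ }
      for (const f of installHooks(manifest)) findings.push({ package: manifest.name || entry.name, ...f });
    }
    scanNodeModules(path.join(pkgDir, "node_modules"), findings);
  }
  return findings;
}

// Constructed sample tree (hypothetical packages) so the scan runs offline.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "hook-scan-"));
  const write = (rel, manifest) => {
    const d = path.join(root, "node_modules", rel);
    fs.mkdirSync(d, { recursive: true });
    fs.writeFileSync(path.join(d, "package.json"), JSON.stringify(manifest));
  };
  write("plain-lib", { name: "plain-lib", scripts: { test: "node test.js" } });
  write("@acme/native-addon", { name: "@acme/native-addon", scripts: { install: "node-gyp rebuild" } });
  write("plain-lib/node_modules/telemetry", { name: "telemetry", scripts: { postinstall: "node collect.js" } });
  return path.join(root, "node_modules");
}

console.table(scanNodeModules(buildSampleTree()));
```

Installing with `npm install --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) keeps npm from running these hooks, so the tree can be reviewed with a scan like this before any of them execute.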