by tchetwin 834 days ago
`npx` is a tool that ships alongside `npm` (alongside `node`) that either finds a local installation or performs a just-in-time download, and then runs the default "bin" entrypoint for the package.

Newer versions of `npx` (last few years) will prompt the user before installing a package. Older versions did not. Note that installing the package can run arbitrary scripts as a side effect with at least the level of permission of the current user, so there is implicit trust required of the author, and the authors of all transitive dependencies.

1 comment

Thanks. Unfamiliar with the Node ecosystem, that escaped me.
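The install-time script risk described in the first comment can be checked before trusting a dependency tree. The following is an added example, not part of the thread and not npm's own code: it walks a `node_modules` directory and lists every command that would run at install time. The function names and the sample packages (`alpha`, `@scope/beta`, `gamma`) are made up for illustration.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");
// Lifecycle hooks npm runs while installing a dependency.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Walk a node_modules directory and collect every install-time command.
function findInstallScripts(nodeModulesDir, found = []) {
  if (!fs.existsSync(nodeModulesDir)) return found;
  for (const entry of fs.readdirSync(nodeModulesDir)) {
    const dir = path.join(nodeModulesDir, entry);
    // lstat: skip files, dot-dirs (.bin) and symlinks (avoids link loops).
    if (entry.startsWith(".") || !fs.lstatSync(dir).isDirectory()) continue;
    if (entry.startsWith("@")) { findInstallScripts(dir, found); continue; } // scope folder
    inspectPackage(dir, found);
    findInstallScripts(path.join(dir, "node_modules"), found); // nested dependencies
  }
  return found;
}

function inspectPackage(dir, found) {
  let pkg;
  try { pkg = JSON.parse(fs.readFileSync(path.join(dir, "package.json"), "utf8")); }
  catch { return; } // no manifest or unparsable JSON
  const scripts = pkg?.scripts ?? {};
  for (const hook of INSTALL_HOOKS) {
    if (scripts[hook]) found.push({ name: pkg.name, hook, command: scripts[hook] });
  }
  // npm defaults "install" to `node-gyp rebuild` if binding.gyp exists and neither hook is set.
  if (fs.existsSync(path.join(dir, "binding.gyp")) && !scripts.install && !scripts.preinstall) {
    found.push({ name: pkg?.name, hook: "install (implicit)", command: "node-gyp rebuild" });
  }
}

// Constructed sample tree (package names are made up) so the example runs offline.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "npx-audit-"));
  const put = (rel, pkg, gyp) => {
    const dir = path.join(root, "node_modules", rel);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, "package.json"), JSON.stringify(pkg));
    if (gyp) fs.writeFileSync(path.join(dir, "binding.gyp"), "{}");
  };
  put("alpha", { name: "alpha", scripts: { postinstall: "node setup.js" } });
  put("@scope/beta", { name: "@scope/beta", scripts: { test: "jest" } });
  put("alpha/node_modules/gamma", { name: "gamma" }, true);
  return path.join(root, "node_modules");
}

console.table(findInstallScripts(buildSampleTree()));
```

Pointed at a tree installed with `npm install --ignore-scripts`, the same function shows which commands were held back and still need review.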