by throwitaway1123 784 days ago
> allows any transitive dependency to run arbitrary code on your machine at the time of installation

This point gets parroted so often on HN [1]. You can install packages with the --ignore-scripts flag to disable this behavior, or just set the option globally in your NPM config file. I do like the way Bun disables lifecycle scripts by default [2], but it takes me all of two seconds to run `npm config set ignore-scripts=true` on a new machine, so it's basically a non-issue for me.

[1] https://news.ycombinator.com/item?id=38797176

[2] https://bun.sh/docs/cli/install#lifecycle-scripts