by kaelwd, 335 days ago
This article is four years old but still relevant:
https://overreacted.io/npm-audit-broken-by-design/
The vast majority of "compromised packages" are just dev dependencies that have a slow regexp.