Y
Hacker News
new
|
ask
|
show
|
jobs
by
oulipo2
302 days ago
Sure, but then you need to have a way to whitelist
1 comments
lrvick
301 days ago
The whitelist is the package-lock.json of the hashes of libraries you or a security reviewer you trust has reviewed.
link