by theodorejb 230 days ago
I would expect to be able to download a package and then inspect the code before I decide to import/run any of the package files. But npm by default will run arbitrary code in the package before developers have a chance to inspect it, which can be very surprising and dangerous.
1 comment

npm used to do that. bun never did. No idea about the past for pnpm or yarn.
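The behaviour the thread is discussing is npm's lifecycle scripts: a dependency's `preinstall`, `install` and `postinstall` entries in package.json run during `npm install`, before anyone has looked at the code. The block below is an added example, not code from the thread or from npm itself. It takes the package.json text of a package (assumed to have been fetched without installing, for example with `npm pack <name>` and extracting the tarball; that step is not performed here) and lists exactly which install-time steps npm would execute, including the implicit `node-gyp rebuild` that npm runs when a `binding.gyp` is present and no install script is defined. The package name and script paths in the sample are constructed.

```javascript
// Added example (not from the HN thread): given a package.json, list the
// lifecycle steps npm would run on install so they can be reviewed first.
// Assumes the package.json text came from a tarball fetched with
// `npm pack <name>` and extracted; that fetch is not performed here.

// Hooks npm runs for every installed package, in this order (npm "scripts" docs).
// "prepare"/"prepublish" additionally run for the root project and for
// git-sourced dependencies; they are out of scope for this registry-install check.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

/**
 * Returns the install-time steps for a package as [{ hook, command, implicit }]
 * in execution order. Pass hasBindingGyp: true when the tarball root contains
 * a binding.gyp file.
 */
function installTimeScripts(packageJsonText, { hasBindingGyp = false } = {}) {
  const pkg = JSON.parse(packageJsonText);
  const scripts =
    pkg.scripts && typeof pkg.scripts === "object" && !Array.isArray(pkg.scripts)
      ? pkg.scripts
      : {};
  const steps = [];
  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd === "string" && cmd.trim() !== "") {
      steps.push({ hook, command: cmd, implicit: false });
    }
    // npm's documented default: with a binding.gyp present and neither an
    // "install" nor a "preinstall" script, npm itself runs `node-gyp rebuild`
    // as the install step. Native code gets compiled and executed even though
    // the "scripts" section looks empty, so a reviewer must check for the file.
    if (hook === "install" && hasBindingGyp && !scripts.install && !scripts.preinstall) {
      steps.push({ hook: "install", command: "node-gyp rebuild", implicit: true });
    }
  }
  return steps;
}

/** True when installing the package would execute any code at all. */
function runsCodeOnInstall(packageJsonText, opts) {
  return installTimeScripts(packageJsonText, opts).length > 0;
}

// Constructed sample package.json (hypothetical package, not a real one).
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "example-pkg",
  version: "1.0.0",
  scripts: {
    test: "node test.js",
    postinstall: "node scripts/setup.js"
  }
});

// Print the review list for the sample: one postinstall step.
for (const step of installTimeScripts(SAMPLE_PACKAGE_JSON)) {
  console.log(`${step.hook}${step.implicit ? " (implicit)" : ""}: ${step.command}`);
}
```

Two npm facts the check is meant to support: `npm pack <name>` downloads the registry tarball without installing it, so package.json and the scripts it points at can be read first, and `npm install --ignore-scripts` (or `npm config set ignore-scripts true`) installs with all lifecycle scripts disabled, which is the simplest way to get the inspect-before-run order the original comment asks for. A package that legitimately needs a build step will then show up in this list and can be handled deliberately rather than silently.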