Y
Hacker News
new
|
ask
|
show
|
jobs
by
blktiger
204 days ago
Both NPM and Yarn have a way to disable install scripts which everyone should do if at all possible.
1 comments
twistedpair
204 days ago
Good point, but until many popular packages stop requiring install.sh to operate, you'll still need to allowlist some of them. That is built into the PNPM tooling, luckily :)
link