by lesuorac
213 days ago
To me this is asking the question of "what's the safest way to drink from a polluted river". The answer is really, don't. NPM and the JS ecosystem have really gone down a path of zero security and they're paying the price for it. If you really need libraries from NPM and whatnot, vendorize them so you're relying on known-safe files and don't arbitrarily update them without re-verification.