by flanbiscuit
199 days ago
Yes, Bun does both of the things mentioned in the parent comment:

> Unlike other npm clients, Bun does not execute arbitrary lifecycle scripts like postinstall for installed dependencies. Executing arbitrary scripts represents a potential security risk.

https://bun.com/docs/pm/cli/install#lifecycle-scripts

> To protect against supply chain attacks where malicious packages are quickly published, you can configure a minimum age requirement for npm packages. Package versions published more recently than the specified threshold (in seconds) will be filtered out during installation.

https://bun.com/docs/pm/cli/install#minimum-release-age
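The minimum-release-age rule quoted above, modelled as an added example that is not part of the comment and is not Bun's own code. It assumes the npm registry's per-version `time` map as input; the package data and the function names (`eligibleVersions`, `pickVersion`) are constructed for illustration.

```javascript
// Constructed sample of the `time` map from a registry packument (not a real package).
const SAMPLE_PACKUMENT = {
  name: "example-pkg",
  time: {
    created: "2024-01-01T00:00:00.000Z",
    modified: "2025-03-10T08:00:00.000Z",
    "1.0.0": "2024-01-01T00:00:00.000Z",
    "1.1.0": "2025-02-01T12:00:00.000Z",
    "1.2.0": "2025-03-09T23:30:00.000Z",
    "1.2.1": "2025-03-10T08:00:00.000Z",
    "1.3.0": "not-a-date", // malformed timestamp: must never be treated as old enough
  },
};

// Accept plain x.y.z only; this also skips the `created`/`modified` keys.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Versions published at least `minAgeSeconds` before `now`, sorted ascending.
function eligibleVersions(packument, minAgeSeconds, now) {
  const cutoff = now.getTime() - minAgeSeconds * 1000;
  return Object.entries(packument.time)
    .filter(([v]) => parseVersion(v) !== null)
    .filter(([, ts]) => {
      const published = Date.parse(ts);
      // Fail closed: an unparseable publish time is excluded, not trusted.
      return !Number.isNaN(published) && published <= cutoff;
    })
    .map(([v]) => v)
    .sort((a, b) => compareVersions(parseVersion(a), parseVersion(b)));
}

// Highest version that passes the age filter, or null if none does.
function pickVersion(packument, minAgeSeconds, now) {
  const ok = eligibleVersions(packument, minAgeSeconds, now);
  return ok.length ? ok[ok.length - 1] : null;
}
```

With a three-day threshold (259200 seconds), the two releases published in the last day are skipped and the resolver falls back to the newest version that has aged past the cutoff.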