Y
Hacker News
new
|
ask
|
show
|
jobs
by
internet_points
198 days ago
but if you `cd project && npm install compromised-package` then compromised-package's setup script can still read your env vars, right?
1 comments
tinodb
196 days ago
Yes, but I guess that is still much better than that it can read
all
your .env files on your machine
link