by marifjeren
185 days ago
> """
I'm strongly in favor of blocking post-install scripts by default. :+1:
This is a change that will have a painful adjustment period for our users, but I believe in ~1 year everyone will look back and be thankful we made it. It's nuts that a [pnpm|yarn|npm] install can run arbitrary code in the first place.
""" - a pnpm maintainer 1 year ago https://github.com/pnpm/pnpm/pull/8897

Convenience trumps security every time. With people who allegedly know better.