by ashishb
162 days ago
> definitely wouldn't recommend `npm install <actually a random package>`, even in Docker. That's not the main attack vector.

The attack vector is some random dependency that is used by a lot of popular packages, which you `npm install` indirectly.

Again, it's great to run `npm` in a container. I do that too because it's the lowest effort solution I have available.