Show HN: NPM install is a security hole, so we built a guard for it
(github.com)
1 points
by Sahil121
87 days ago
`npm install` is more trusted than it should be. PMG is a guard in front of your package manager that intercepts installs and blocks malicious dependencies before they land on your system. It also consists of a sandbox layer which protects you from unknown malicious threats. Curious if install-time enforcement makes sense in your workflow.