Y
Hacker News
new
|
ask
|
show
|
jobs
by
_3u10
58 days ago
I’ve never seen code that is downloaded run itself. Why not be the change you want to see in the world and run sudo or spawn your browser in a jail. Or download as another user.
1 comments
endymi0n
57 days ago
Welcome to npm post-install scripts...
https://docs.npmjs.com/cli/v11/using-npm/scripts
link
okanat
57 days ago
And Rust build scripts:
https://doc.rust-lang.org/cargo/reference/build-scripts.html
link
johnny22
57 days ago
glad pnpm disables those by default!
link
skeeter2020
57 days ago
PSA: if you're using (a newish release of) npm you should have something like this as a default, unless you've got good reasons not to:
min-release-age=7 # days
ignore-scripts=true
link